July 2018
Intermediate to advanced
356 pages
9h 18m
English
Content preview from Hands-On Security in DevOps
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Security review policies for releases
An organization should define its own security assessment policies for every release. For a major or new application release, there is no doubt that a full security assessment is needed. However, should we do the same for a patch release, especially when it's a time-sensitive and business-critical release? Having a clear understanding of the application release scope and objective will help the security team to plan the necessary security assessment scope.
The following table shows an example of the relationship between the application releases and the security assessment scope:
|
Application release objective |
Security assessment scope |
|
New or major application release |
Full assessment |