In response to market and competitive forces, many companies have turned their attention to developing higher quality and more secure software. Whether that software is their product or is a component of their product, quality and especially security have become required vs optional. To accommodate the security requirements, some companies have adopted DevSecOps overlays to their software development process that can and has caused significant disruption to their process.
This paper is aimed at helping to understand how the transition to DevSecOps need not be traumatic and that a cautious approach that leverages state of the art tools and techniques can be helpful - a practical approach to DevSecOps.
