DevOps is the combination of cultural philosophies, practices, and tools
that increases an organization's ability to deliver applications and services
at high velocity: evolving and improving products at a faster pace than
organizations using traditional software development and infrastructure
management processes.
DevSecOps is the philosophy of integrating security practices within the
DevOps process. DevSecOps involves creating a "Security as Code" culture with
ongoing, flexible collaboration between release engineers and security teams.
A bit more detail:
The concept of guardrails is essential to application security as well.
It isn't surprising that the 2017 State of DevOps report by Puppet states
that guardrails, or integrating security deeply into the software delivery
lifecycle, makes teams more than twice as confident of their security
posture. The report also suggests that firms at the highest level of
security integration are able to deploy to production on demand at
a significantly higher rate than firms at all other levels of integration:
61 percent are able to do so.
MANAGEMENT & GOVERNANCE