
Why DevOps Fails at Application Security - eplanit
https://blog.prevoty.com/why-devops-fails-at-application-security?utm_source=linkedin&utm_medium=cpc&utm_term=TAL6t&utm_content=fails&utm_campaign=darkdevops
======
cyber
Until security is treated similarly to QA this will never improve. Along with
quality, robustness, performance, etc., security needs to be treated as a
first-class feature.

That said, it's a tradeoff. I've seen releases with P1 bugs being released. In
those situations it was a discussion between Eng, QA, and Client Operations to
determine what was the best course of action. Technically a P1 went out the
door. Technically there were 2 additional releases before it mattered to the
client that would have been affected.

