Fork me on GitHub
#bof-sec-audit-compliance-grc
<
2020-10-15
>
Derek Weeks, Sonatype / All Day DevOps21:10:47

Hi everyone!  I’m going to be the host for today’s Security-Audit-Compliance-GRC session.   Looking forward to talking with you all as this is always an exciting topic: Here’s the Zoom info for BOF session starting at 245pm PT / 545pm ET: https://sonatype.zoom.us/j/98357181714 Meeting ID: 983 5718 1714 One tap mobile <tel:+13017158592,,98357181714#|+13017158592,,98357181714#> US (Germantown) <tel:+13126266799,,98357181714#|+13126266799,,98357181714#> US (Chicago)

Pavel Popelka22:10:24

what about state when development has different tool preference compared to global enteprise security in the tool choice? Any experience? Development might prefer "easy to use" tools but it might not be the same preference of enterprise security. Is it the tool realy developers choice?

Pavel Popelka22:10:33

need to leave, thanks @weeks. you answered my question, we need to start more interaction between dev and enterprise security (eg. use security developer as proxy)

Derek Weeks, Sonatype / All Day DevOps22:10:32

@aries which was the other tool you mentioned in this space?

Derek Weeks, Sonatype / All Day DevOps22:10:35

new busineses should focus on “automating IT problems”

Derek Weeks, Sonatype / All Day DevOps22:10:27

Also worth checking out this DevSecOps reference architecture: https://www.sonatype.com/referencearchitecturetestdrive

👍 3