Improved introduction
DinisCruz committed Oct 28, 2016
1 parent 4fe18b7 commit 8033a24
Showing 2 changed files with 25 additions and 17 deletions.
27 changes: 25 additions & 2 deletions content/0.Frontmatter/1.Introduction.md
@@ -1,7 +1,30 @@
## Introduction

* new introduction needed after changing name to 'SecDevOps Risk Workflow' (from JIRA Risk Workflow)
* new title make more sense since a lot of what the book is covering
This is a book about making developers more productive, embedding security practices into the SDL and ensuring that security risks are accepted and understood.

The focus is on the Dev part of SecDevOps, and on the challenges of creating Security Champions for all DevOps stages.

All content is released under an Creative Commons license (CC BY 3.0) and the GitHub repository [Book_SecDevOps_Risk_Workflow](https://github.com/DinisCruz/Book_SecDevOps_Risk_Workflow/) contains all text and ideas.

This book is based on successful and unsuccessful real world applications of these ideas. Any feedback, suggestions or comments will be highly appreciated (please open an [issue](https://github.com/DinisCruz/Book_SecDevOps_Risk_Workflow/issues) for them)

### Book under construction

There are multiple sections of this book that are still on 'draft' mode (as you can see by the rest of this introduction, which still needs a serious rewrite)

Here are some ideas that I feel will be good on this intro section.

* aimed at: Developers, Security Professionals, Risk Practitioners, Software architects, Security Champions
* presented Risk Workflow
* is key make security decisions explicit
* based on JIRA, but it can also be made to work on GitHub
* provides a framework to make development/security decisions accountable, visible and understood
* the 'Accept Risk' button changes the dynamics & makes the risks/information real
* big focus on the role of Security Champions and the automation of Security Knowledge and Workflows
* practical examples of SecDevOps and DevOps workflows/tools will be shown (git workflows, docker, travis, Jenkins, others...)
* objective is to make SecDevOps into DevOps of just Dev (with SECurity and OPerationS happening behind the scenes, automatically in the CI pipeline)
* based on real world application of these ideas
* objective to scale this ideas and ask for feedback
* The JIRA Risk workflow fits as the way to implement SecDevOps
* Lots of good thinking on SecDevOps
* See this issue for more details on this decision [Issue 15](https://github.com/DinisCruz/Book_Jira_Risk_Workflow/issues/15)
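Review bot: the two working notes directly under "## Introduction" ("* new introduction needed after changing name to 'SecDevOps Risk Workflow' (from JIRA Risk Workflow)" and "* new title make more sense since a lot of what the book is covering", the second of which is an unfinished sentence) sit above the first real paragraph and will render as the opening of the published intro; either drop them or move them under "### Book under construction", where the rest of the draft notes already live. While here, fix "an Creative Commons license" to "a Creative Commons license", "objective to scale this ideas" to "these ideas", "is key make security decisions explicit" to "it is key to make security decisions explicit", and check whether "DevOps of just Dev" was meant to read "DevOps or just Dev". Also, the repository link near the top points at Book_SecDevOps_Risk_Workflow but the "Issue 15" link at the bottom still points at the old Book_Jira_Risk_Workflow name; use one repository name consistently and confirm the issue link resolves after the rename.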
15 changes: 0 additions & 15 deletions content/Draft-Notes/To-fix/_Book-intro.md

This file was deleted.
