The devSecOps Dilemma


Chris Corriere

devOps believes in intelligent agents. Security assumes the worst of intentions. Both risk an imbalance of trust. The Prisoner’s Dilemma and the devSecOps Dilemma, defined as a lack of cooperation that stems from a lack of trust in an over-competitive environment, have the same flaw: there is no game position that is safe for everyone, because of obliviousness or malicious intent. A low-trust cooperative game state is emerging as a result of this conflict. In a devOps world, everyone means Everyone, both internally and externally. This includes the unique identities, teams, their organizations, the customers that keep them in business, and even their perceived competition.

This presentation will discuss a Nash equilibrium forming as a result of the tension between security and high-trust devOps environments and the complementary set operations found outside the equilibria, and will provide ecological examples of these adaptations. We’ll also take a look at the technologies we need to automate our environments and how moving with agility ends up making us safer in the long run.

  • Core devOps Concepts
  • Value Stream Mapping
  • Game Theory
  • Nash Equilibria
  • Automating Security Scans in a Build Environment