SECDEVOPS

From  IIA/ISACA IT Hacking Conference : Developing software that changes the world, exceeds customer expectations, provides turn-key functionality in diverse scenarios while meeting security and compliance requirements is the holy grail of Security Development Operations (SECDEVOPS). There are thousands of variables that need to be constantly addressed to find the balance that delivers sustainable and secure success. In this session, WitFoo’s chief engineers will outline an innovative approach to secure devops called Metric Driven Development. 

As I have had opportunity to demonstrate our product to cybersecurity veterans I am often asked “How did your very small team do this when larger, well-funded teams cannot?” It is true, the WitFoo development team has never been larger than 5 active members at any time and we have only had 10 contributors to the code-base. We don’t Frankenstein together open source code, we custom build it all. All told, our code consists of more than 4 million lines of proprietary code written by a handful of hard-hitting warrior developers. As we wrap our newest and grandest release, I’d like to share some insight into how we pulled it off.