DevSecOps Practice at Xiaomi Group

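{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"For years, software development and the software security problems it gives rise to have gone hand in hand. In recent years, a growing number of software development teams and companies in China have adopted the DevOps development model. As DevOps has evolved, the thinking and techniques for securing development have evolved with it, and one important idea to emerge is DevSecOps. What is DevSecOps? What is its value? How can DevSecOps be put into practice in an enterprise? ... To answer these questions, an InfoQ reporter interviewed Wang Shukui, head of the Information Security and Privacy Department at Xiaomi Group."}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Wang Shukui reportedly has 13 years of experience in the security field. He joined Xiaomi Group in 2016 and has been involved in building Xiaomi Group's entire security system ever since."}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"The DevSecOps Philosophy: “Everyone Is Responsible for Security”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"As is well known, in the traditional security process the development team is responsible for delivering value, the operations team for ensuring availability, and the security team for ensuring security. But this process has some problems: security staff and developers are separated and independent of each other, and sometimes even opposed and in conflict."}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Wang Shukui said: “Much of the time, "},{"type":"text","marks":[{"type":"strong"}],"text":"the business side feels that security is making trouble for it, while security feels that the business does not take security seriously. Security and the business spend most of their time wrangling, which makes the closed-loop management of security risks slow and costly"},{"type":"text","text":".”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Moreover, as container and serverless technologies have developed in the business, development cycles and the pace of feature iteration keep getting faster, while the lag in security capabilities becomes more and more apparent."}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}}]}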