  • Jeff Kaspzyk thinks this is interesting:

Myth: DevOps is Incompatible with Information Security and Compliance: The absence of traditional controls (e.g., segregation of duty, change approval processes, manual security reviews at the end of the project) may dismay information security and compliance professionals.

However, that doesn’t mean that DevOps organizations don’t have effective controls. Instead of security and compliance activities only being performed at the end of the project, controls are integrated into every stage of daily work in the software development life cycle, resulting in better quality, security, and compliance outcomes.


  • Preface
  • from The DevOps Handbook
  • by John Willis, Patrick Debois, Jez Humble, Gene Kim
  • Publisher: IT Revolution Press
  • Released: October 2016


A statement in support of the notion that compliance (SDLC compliance) can be an integral part of DevOps. Need to dig further for examples of 'controls integrated into every stage of daily work'.