Lead architect of Swordfish Security LLC Yuri Shabalin c

Post by tanjimajuha20 »

ell as on the coincidence of the strategic views of the two teams. In order for the two teams to work towards common goals and understand each other's tasks, it is necessary to establish regular meetings and information exchange between information security and developers."

alled the communication problem especially relevant for large companies, where a relatively small information security department accounts for a large number of developers, who are divided into dozens of teams: "In such conditions, it is very difficult to build a normal dialogue, not to mention building a secure development process - often this is physically impossible." Citing personal experience, he recommended growing DevSecOps engineers from among developers: it is more difficult and takes longer to train such personnel from information security specialists, and the quality of their work will be lower.

According to Kamilla Sakaeva, both business disinterest and communication difficulties are significant. She suggested three measures to resolve them: "First, it is necessary to conduct training sessions and presentations for business leaders to explain the value and benefits of DevSecOps. It is important to show how DevSecOps can improve security and development efficiency. Successful cases and examples from the industry work well. Second, find specialists with information security and development skills within the company. You can consider training existing employees so that they can acquire the necessary knowledge and skills. And third, create communication channels between developers and information security specialists. These can be regular meetings, common platforms for exchanging information. It is important to ensure transparency and openness in communication so that both parties can understand and take into account each other's needs."

Oleg Kazakov believes that the main restraining factor is the increasing cost of development: "DevSecOps allows us to make the process of monitoring the security of developed software more systematic, but at the same time it inevitably leads to an increase in the cost of this development itself: it can be difficult to convincingly convey to the business the importance of these additional costs."

Alexander Moiseyev also drew attention to the fact that a certain amount of caution is needed when implementing instrumental means: "There will not be much benefit from the fact that you will haphazardly throw several reports of 500-1000 pages with tens of thousands of warnings and vulnerabilities downloaded from analyzers and scanners towards the developers, as if over a fence. It is necessary to try to gradually implement certain procedures, using a risk-oriented approach, look at the capacity of the "system" and adjust the processes."

Managing partner of Express 42 LLC, Alexander Titov, believes that the greatest difficulties arise in working with personnel and in implementing new methods that people are not accustomed to: “In fact, DevSecOps does not create any confrontation between development and information security. On the contrary, properly built processes help colleagues work more efficiently. However, to implement such a practice, both experienced managers and designated responsible persons are important. Accordingly, resources are needed, a clear training plan and control over compliance with the rules are require