Continuous Integration in DevOps

DevOps No Comments »

By C. Aaron Cois
Software Engineering Team Lead
CERT Cyber Security Solutions Directorate

This blog post is the third in a series on DevOps, a software development approach that breaks down barriers between development and operations staff to ensure more effective, efficient software delivery.

Constantine Aaron CoisWhen Agile software development models were first envisioned, a core tenet was to iterate more quickly on software changes and determine the correct path via exploration—essentially, striving to “fail fast” and iterate to correctness as a fundamental project goal. The reason for this process was a belief that developers lacked the necessary information to correctly define long-term project requirements at the onset of a project, due to an inadequate understanding of the customer and an inability to anticipate a customer’s evolving needs. Recent research supports this reasoning by continuing to highlight disconnects between planning, design, and implementation in the software development lifecycle. This blog post highlights continuous integration to avoid disconnects and mitigate risk in software development projects.

Read more...

Development with Docker

DevOps , DevOps Tips No Comments »

By Joe Yankel
Member of the Technical Staff
CERT Cyber Security Solutions Directorate

This post is the latest installment in a series aimed at helping organizations adopt DevOps.

Joseph YankelIn our last post, DevOps and Docker, I introduced Docker as a tool to develop and deploy software applications in a controlled, isolated, flexible, and highly portable infrastructure. In this post, I am going to show you how easy it is to get started with Docker. I will dive in and demonstrate how to use Docker containers in a common software development environment by launching a database container (MongoDB), a web service container (a Python Bottle app), and configuring them to communicate forming a functional multi-container application. If you haven’t learned the basics of Docker yet, you should go ahead and try out their official tutorial here before continuing.

Read more...

Software Assurance, Social Networking Tools, Insider Threat, and Risk Analysis—The Latest Research from the SEI

Insider Threat , Insider Threat Patterns , Software Assurance No Comments »

By Douglas C. Schmidt
Principal Researcher

Douglas C. Schmidt As part of an ongoing effort to keep you informed about our latest work, I would like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in software assurance, social networking tools, insider threat, and the Security Engineering Risk Analysis Framework (SERA). This post includes a listing of each report, author(s), and links where the published reports can be accessed on the SEI website.

Read more...

DevOps and Docker

DevOps , DevOps Tips No Comments »

By Joe Yankel
Member of the Technical Staff
CERT Cyber Security Solutions Directorate

This post is the latest installment in a series aimed at helping organizations adopt DevOps.

Joseph YankelDocker is quite the buzz in the DevOps community these days, and for good reason. Docker containers provide the tools to develop and deploy software applications in a controlled, isolated, flexible, highly portable infrastructure.  Docker  offers substantial benefits to scalability, resource efficiency, and resiliency, as we’ll demonstrate in this posting and upcoming postings in the DevOps blog

Read more...

Is Your Organization Ready for Agile?

Agile , Readiness & Fit Analysis 3 Comments »

By Suzanne Miller
Principal Researcher
Software Solutions Division

This blog post is the sixth in a series on Agile adoption in regulated settings, such as the Department of Defense, Internal Revenue Service, and Food and Drug Administration.

Suzanne Miller "Across the government, we’ve decreased the time it takes across our high-impact investments to deliver functionality by 20 days over the past year alone. That is a big indicator that agencies across the board are adopting agile or agile-like practices," Lisa Schlosser, acting federal chief information officer, said in a November 2014 interview with Federal News Radio. Schlosser based her remarks on data collected by the Office of Management and Budget (OMB) over the last year. In 2010, the OMB issued guidance calling on federal agencies to employ “shorter delivery time frames, an approach consistent with Agile” when developing or acquiring IT. As evidenced by the OMB data, Agile practices can help federal agencies and other organizations design and acquire software more effectively, but they need to understand the risks involved when contemplating the use of Agile. This ongoing series on Readiness & Fit Analysis (RFA) focuses on helping federal agencies and other organizations in regulated settings understand the risks involved when contemplating or embarking on a new approach to developing or acquiring software. Specifically, this blog post, the sixth in a series, explores issues related to system attributes organizations should consider when adopting Agile.

Read more...