Over the last 30 years, DevOps supplanted Agile, which itself had come to revolutionize Waterfall development. Loosely coupled microservices are now considered state-of-the-art to implement service-oriented architectures. Development timeframes have been compressed, deployments are done on a weekly or daily basis, and the cloud now supports a highly dynamic supply of computing capacity, infrastructure, storage, and network.
The DevOps philosophy has often been summarized by the slogan “move fast and break things”, which means that because it’s so easy to deploy source code to production, you should be using this leverage to innovate faster, and fearlessly.
But there is a catch. DevOps organizations still need to satisfy security and compliance criteria, because cybersecurity’s fundamental mission remains the same: make sure things work as they should, and only as they should. The high flexibility and openness of modern software supply chains force us to rethink them.