O’Reilly continues to support secure software efforts — and by extension secure options on the Internet. Last month they released “DevOpsSec: Securing Software through Continuous Delivery” by Jim Bird.
The Agile and Dev Ops Sec worlds have a lot of intersection & overlap, and the challenges of emitting risk-appropriate applications remain for both. This 86 page report includes adult content for using infrastructure, specific development & operations practices, security-centric development resources, and code to satisfy your risk management obligations, along with recommendations for “proving” that your apps are “secure-enough.” At 86 pages this report is not comprehensive, and it does not attempt to be. Like many other aspects of Agile activities, it attempts to help us quickly learn somethings about how to move our position closer to “secure-enough.”
It is also “free” [for a name and email address]. For anyone involved in Financial Services software development, I strongly recommend this quick read.
DevOpsSec: Securing Software through Continuous Delivery. http://www.oreilly.com/webops-perf/free/devopssec.csp