Utsav Sanghani is a senior product manager at Synopsys. Among the products that Synopsys has acquired over the last few years to build out its security business is Black Duck. Sanghani has been in the DevOps space for a number of years and is an advocate around the ease with which security can embed itself into the DevOps process.
Despite the focus on DevSecOps or SecDevOps, depending on your viewpoint, it has not had a huge take-up. Sanghani believes that this is because: “Many people are still trying to work out what DevOps means for their organisation. Each organisation has a different perspective and their development agility levels are different.” This difference of perspectives, Sanghani continued, means that just because something works for organisation A it won’t work for organisation B.
For application security specialists such as Synopsys, it means that its security products have to fit into the DevOps process. If not, companies are going to either ignore it or struggle to make the most of it. Sanghani told us that the way Synopsys is addressing this is to make sure that its products integrate with native tooling across the SDLC.
To hear what else Sanghani had to say listen to the podcast
Where can I get it?
obtain it, for Android devices from play.google.com/music/podcasts
use the Enterprise Times page on Stitcher
listen to the Enterprise Times channel on Soundcloud
listen to the podcast (below) or download the podcast to your local device and then listen there