DevOps - The buck stops.... where?

Question asked by matt.jakubczyk on Oct 21, 2014
Latest reply on Aug 29, 2016

So I got to thinking about the recent POODLE vulnerability, and it got me thinking - where does the buck stop?

(see link: SSL 3.0 Protocol Vulnerability and POODLE Attack | US-CERT)


If the Devs are solely responsible for the servers they are managing, there are several real and scary questions you have to ask yourself:

  • As an admin in a DevOps environment, do I even know if I'm vulnerable?
  • If I have an external-facing system managed by a Dev, have I already been compromised?
  • If I have been compromised, how far does it go?
  • Do the Devs take security into account? (Let me help you on this - the answer is no, no matter what they tell you)
  • Who is responsible for mitigating that risk?
  • Who does your organization hold accountable?