
Open Source Summit 2022 Video – Dear Security, Compliance, And Audit

Modern Governance is a term I borrowed from John Willis, co-author of The DevOps Handbook. Much of this video is inspired by John's and my approaches to automating security, compliance, and audit within the software development life cycle (SDLC).

Bottom Line Up Front

People should not execute the governance process; machines must. People design, develop, and codify the governance process that the machines run.

The Recommendation

Convert your Change Approval Board (CAB) into a Modern Governance Platform Team.

  • The team creates On-Road paved paths, which carry most of the software you develop.
  • On-Roads are golden paths, not golden cages. If a paved path does not work for a change, keep the manual option.
  • Regardless of the path traveled, all controls and expectations must be met.
  • Modernize your governance with Autonomous Governance.

Key takeaways

  • Modern Governance is a higher-level system design. Modern Governance is autonomous governance.
  • Current processes cause two types of toil: Governance Toil and Delivery Toil.
  • Your change control does not mitigate risk; it increases risk. I have the numbers to prove it.
  • Autonomizing governance means automating the human-controlled gates of the SDLC.
  • You need a Governance Contract to automate human-controlled gates. A governance contract is a syntax and semantics that define your governance primitives: the controls, the evidence each control requires, and how a pass or fail is decided.
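To make the last two takeaways concrete, here is an added example (written for this page, not code from the talk or from John Willis) of a governance contract that a pipeline evaluates without a human gate. The control identifiers (CC-01 through CC-05), the evidence field names, and the two sample changes are all constructed assumptions; a real contract would be populated from your own control catalogue. The point it demonstrates is the one in the recommendation above: the on-road path and the manual path feed the same contract, so the manual path is a different way of gathering evidence, not a way around the controls.

```python
"""Added example: a minimal machine-evaluated "governance contract".

Illustrative code written for this page, not code from the talk.
Control ids, evidence keys and sample changes are assumptions.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List

# Evidence is whatever the pipeline (on-road path) or a human (manual path)
# attaches to a change. The keys used below are constructed for the example.
Evidence = Dict[str, object]


@dataclass(frozen=True)
class Control:
    """One governance primitive. The contract's syntax is this structure
    (id, expectation, predicate); its semantics is the predicate itself."""
    id: str
    expectation: str
    check: Callable[[Evidence], bool]


@dataclass
class Decision:
    change_id: str
    path: str
    passed: List[str] = field(default_factory=list)
    failed: List[str] = field(default_factory=list)

    @property
    def approved(self) -> bool:
        return not self.failed


# The contract: people write this once; machines run it on every change.
CONTRACT: List[Control] = [
    Control("CC-01", "Change is tied to a tracked work item",
            lambda e: bool(e.get("ticket"))),
    Control("CC-02", "Peer review by someone other than the author",
            lambda e: any(r != e.get("author") for r in e.get("approvers", []))),
    Control("CC-03", "Unit tests ran and all passed",
            lambda e: e["tests"]["failed"] == 0 and e["tests"]["total"] > 0),
    Control("CC-04", "SAST completed with no critical findings",
            lambda e: e["sast"]["completed"] is True and e["sast"]["critical"] == 0),
    Control("CC-05", "Artifact digest is signed by a trusted key",
            lambda e: e.get("signature", {}).get("verified") is True),
]


def evaluate(change_id: str, path: str, evidence: Evidence,
             contract: List[Control] = CONTRACT) -> Decision:
    """Run every control against the evidence. The contract is identical for
    every path; only how the evidence was gathered differs."""
    decision = Decision(change_id=change_id, path=path)
    for control in contract:
        try:
            ok = bool(control.check(evidence))
        except (KeyError, TypeError, AttributeError):
            ok = False  # missing or malformed evidence fails closed
        (decision.passed if ok else decision.failed).append(control.id)
    return decision


def audit_record(decision: Decision) -> Dict[str, object]:
    """What the auditor receives instead of a CAB meeting transcript."""
    return {
        "change": decision.change_id,
        "path": decision.path,
        "approved": decision.approved,
        "controls_passed": decision.passed,
        "controls_failed": decision.failed,
    }


# Constructed sample evidence: a pipeline-built change that meets every control.
ON_ROAD_EVIDENCE: Evidence = {
    "ticket": "CHG-1042", "author": "alice", "approvers": ["bob"],
    "tests": {"total": 312, "failed": 0},
    "sast": {"completed": True, "critical": 0},
    "signature": {"verified": True},
}

# Constructed sample evidence: a manual change. Tests and SAST ran, but the
# author approved her own change and nobody signed the artifact.
MANUAL_EVIDENCE: Evidence = {
    "ticket": "CHG-1043", "author": "alice", "approvers": ["alice"],
    "tests": {"total": 40, "failed": 0},
    "sast": {"completed": True, "critical": 0},
    "signature": {},
}

if __name__ == "__main__":
    for cid, path, ev in [("CHG-1042", "on-road", ON_ROAD_EVIDENCE),
                          ("CHG-1043", "manual", MANUAL_EVIDENCE)]:
        print(audit_record(evaluate(cid, path, ev)))
```

Two design choices matter here. First, a control that cannot be evaluated (missing or malformed evidence) fails rather than passes, so a broken evidence collector can never approve a change by accident. Second, the decision is a data record, not a meeting outcome: the same record that gates deployment is the artifact the auditor reviews, which is what removes the human-controlled gate without removing the control.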

About The Talk

Stop it with the DevSecAuditComplianceOps buzzwords within the software supply chain. Let’s simply talk about Modern Governance.

Excellent software supply chain hygiene requires governance. Governance stinks because we do it wrong. I promise to give you the means to go from commit to production with 100% no-human-hands, all while meeting visibility, security, compliance, and audit requirements without fail. Modern Governance applies to standard line-of-business software, machine learning, edge, IoT, and other software artifacts. DevOps solved the conflict between Developers and Operators. It forgot other essential participants in the delivery lifecycle: Security, Compliance, and Audit. It is also missing the newest entrant, Software Supply Chain Management. We will talk about Modern Governance.

Modern Governance resolves governance toil with a software engineering approach. It is no different from applying Site Reliability Engineering (SRE) principles and practices to the dull, mundane, and toil-ridden governance processes.

Watch The Video

Here are additional links for content related to the video: