feat(next-devsecops): "What's Next For DevSecOps" section draft

PauloASilva · PauloASilva · commit 9b154b2c3fd5 · 2019-09-04T18:50:24.000+01:00
diff --git a/2019/en/src/0xb1-next-devsecops.md b/2019/en/src/0xb1-next-devsecops.md
@@ -1,2 +1,24 @@
 What's Next For DevSecOps
 =========================
+
+Due to their importance in modern application architectures, building secure
+APIs is crucial. Security can not be neglected and it should be part of the
+whole development life-cycle. Scanning and penetration testing on a yearly basis
+are not enough anymore.
+
+DevSecOps should join the development effort, facilitating continuous security
+testing across the entire software development life-cycle. Their goal is to
+enhance the development pipeline with security automation and without impacting
+development speed.
+
+In case of doubt, better refreshing the [DevSecOps Manifesto][1].
+
+| | |
+|-|-|
+| **Understand the Threat Model** | b |
+| **Understand the SDLC** | |
+| **Testing Strategies** | |
+| **Achieving Coverage and Accuracy** | |
+| **Clearly Communicate Findings** | Contribute value with less or no friction. Deliver findings in a timely fashion, in the tools development teams are using (not PDF files). Join the development team to address the findings. Take the opportunity to educate them, clearly describing the weakness and how it can be abused, including an attack scenario to make it real. |
+
+[1]: https://www.devsecops.org/
