No this is not a political talk. There has been a tremendous focus on "shifting left" and how that will improve efficiency, reduce skill required, etc. However, DevSecOps is not a magic cure all to modernize and secure applications and their development processes. Every role, team, and environment has their own contributions to make to a secure supply chain and secure end deliverables. What types of scanners can be ran in an automated DevSecOps pipeline? What would be better off left to experts? Join us as we discuss how DevSecOps augments but does not replace development/test expertise and proper processes in enterprise systems.

Michael Gildein (z/OS Supply Chain Security Architect)^ IBM Corporation; Chris Brooker^ IBM Corporation; Christopher V DeRobertis (Cybersecurity^ Senior Technical Staff Member)^ IBM Corporation^