In traditional IT and web2, many organizations have separate teams for development, security, and operations. Separate teams mean communication and process complexity, so throughput is reduced and frustration goes up. For a short time, I worked in a large telco and saw this firsthand; I witnessed how these complexities led to significant bottlenecks and delays.
As we build a community of decentralized services for the open economy, we could easily repeat errors of the past. But let’s not. Instead, we can build better tools and infrastructure that will automate our processes, and we can incentivize and reward decentralized service providers.
DevSec is about helping us build faster with security. For example, with OpenZeppelin Contracts we provide developer libraries that bake in security and that make operations easier. This includes DevSec coverage for:
SecOps is about running decentralized services faster with security. For example, with OpenZeppelin Defender we provide operations automation and infra services that are required for secure dapps. This supports SecOps with:
DevSecOps means streamlined processes, more automation, and ultimately less people time. Time is always our most precious resource, and this is triply true for start-ups. Hiring is hard and expensive, and we all have big backlogs already (what I like to call “work opportunity”!) so it’s easy to defer extra work on security and ops.
Another area of innovation is in how to involve external workers to help with ops in a decentralized, on-demand way. This is done through incentives and rewards. Think of Uber for ops. Andre Cronje’s keep3r.network is a great example of an early experiment along these lines, and we are glad to support it with Defender. This is a big and important topic: can decentralized workers help support decentralized services, and can that actually lead to better security and reliability? More to say about this soon.