Introduction: This is a practical book that systematically explains DevSecOps agile security. It provides solutions for enterprises facing the security challenges brought about by agile software development methods and open source software supply chains, and it can effectively guide enterprises to quickly integrate security capabilities into the entire DevOps system, achieving endogenous, self-growing agile security while preserving business R&D efficiency.

The first public release of ten years of accumulated work by Ziya, founder of Xuanjing Security and OpenSCA

Recommended by 10 authoritative security experts from academia and industry

On the afternoon of July 26, the "Meet at DSO 2022" launch event for Ziya's new book "DevSecOps Agile Security", hosted by Xuanjing Security and co-organized by the OpenSCA community, was successfully held at the Boya International Hotel at Peking University. A group of scholars and experts from the network security community gathered, with the book as a medium, to discuss new technologies and trends in the industry with Ziya, the author of the new book, founder and CEO of Xuanjing Security and founder of the OpenSCA community.

The press conference was presided over by Mr. Yang Fuchuan, senior editor-in-chief of the book's publisher, Machinery Industry Press. Guo Xue, Deputy Director of the Open Source and Software Security Department of the Institute of Cloud Computing and Big Data, China Academy of Information and Communications Technology; Xiang Shuming, Director of Open Source Compliance and Security Governance at ZTE Corporation; and Wang Yonghui, Head of Security DevSecOps Operations at Ping An One Wallet, attended as guests. More than 20 mainstream media outlets, including China Information Security, InfoQ, Security Bull, Network Security and Data Governance, Network Security and Informatization, Hoo New Media and Lei Feng, reported on the event in depth.

Ten years of accumulation

Ziya delivered a keynote speech on "DevSecOps Agile Security System"

At the beginning of the conference, Chen Zhong, professor at the School of Computer Science of Peking University and Director of the Network Information Security Laboratory; Tan Xiaosheng, founder of Zhengqi Academy and Jingtai Venture Capital; He Guofeng, Director of the Security Technology Research Institute of the China Telecom Research Institute; Tian Zheng, Chief Engineer of Network Security Technology at State Grid Hunan Electric Power; Zhang Hailong, founder and CEO of CODING; Zhang Song, Chief Security Officer of Daoke Network; Duan Gang, founder of Kanxue Academy; Sweet Potato, founder and CTO of Open Source China and Gitee; and many other prominent figures recommended the new book "DevSecOps Agile Security" by video or in person and offered their sincere wishes for the event.

Then, in his speech titled "A Brief Talk on the DevSecOps Agile Security System", Ziya gave a comprehensive overview of the digital security risks and challenges of the cloud-native era and focused on some of the core contents of his new book.

Ziya believes that in the era of the digital economy, software defines everything and has become a basic component that keeps society running. However, modern software carries potential security risks such as defects in open source components, common Web vulnerabilities, business logic vulnerabilities, and abnormal code behaviour. With the emergence of new products (led by open source), new release models (the integration of development and operations in DevOps), new technologies (microservice architecture), and new environments (containerization), enterprises are racing to embrace the cloud-native era for both business and organization, and in this era the risk surface of digital applications and the security scope of the software supply chain have expanded considerably.


Ziya's keynote speech scene

Ziya pointed out that in the new book "DevSecOps Agile Security", the new-generation DevSecOps agile security system originally proposed by Xuanjing Security is the most suitable practical starting point for preventing and responding to risks across the whole life cycle of modern software. Through extensive practice in industries such as finance, energy, and the pan-Internet sector, the system has proven suitable not only for DevOps agile development environments but also for software supply chain security and cloud-native security scenarios. In his speech, Ziya introduced the core ideas of the DevSecOps agile security system in detail and laid out the entire system framework along the four dimensions of culture, process, technology and measurement.
At the end of the speech, Ziya gave a forward-looking interpretation of the evolution of DevSecOps agile security technology, and shared Xuanjing's cutting-edge research results in this field: code vaccine technology based on a single probe, and the DevSecOps agile security technology pyramid V2.0.

Ziya (left), founder and CEO of Xuanjing Security, and Yang Fuchuan (right), senior editor-in-chief of Machinery Industry Press, jointly unveiled the new book "DevSecOps Agile Security"

Industry, academia and research in dialogue at DSO 2022

Discussion on the new book "DevSecOps Agile Security" by Ziya

Taking Ziya's new book and keynote speech as a starting point, the on-site guests held a round-table discussion with Ziya on hot topics related to DevSecOps and shared their industry insights and practical results.

According to Guo Xue, Deputy Director of the Open Source and Software Security Department of the Institute of Cloud Computing and Big Data, China Academy of Information and Communications Technology, the reason DevSecOps has received widespread attention in recent years is that its "shift security left" practice perfectly fits the cloud-native security concept of deeply integrating security with the technical architecture. She also specifically noted that Ziya's book "DevSecOps Agile Security" has played a very positive role in promoting research and standardization across the industry: it not only guides the direction of the industry's development, but also effectively guides enterprises in implementing DevSecOps.

As Director of Open Source Compliance and Security Governance at ZTE, Xiang Shuming focused on the indispensable role of DevSecOps in software supply chain security. He said that, under the premise of rapid business delivery and rapid product iteration, how to trace the origin of a piece of software's open source components, how to make those components safe and trustworthy through governance, and how to ensure the security and compliance of open source software is a major challenge facing enterprises and even the country. Since DevSecOps can play a great role in solving software supply chain security problems, he believes that the relevant content in Ziya's book "DevSecOps Agile Security" can bring inspiration to enterprises.

Wang Yonghui, as head of security DevSecOps operations at Ping An One Wallet, has rich implementation experience. He believes that a milestone event can be an opportunity to promote DevSecOps within an enterprise. Taking Ping An One Wallet as an example, the successful introduction of IAST technology earned the security department recognition, which in turn created a security culture, and the subsequent establishment of processes, tool chains and even the whole DevSecOps system became a matter of course. Of course, technical resistance is inevitable in this process; at that point one can refer to professional works such as "DevSecOps Agile Security" or rely on high-quality suppliers such as Xuanjing.

Ziya's new book "DevSecOps Agile Security" discussion site

Focus on DevSecOps Agile Security

Highlights of Ziya's Q&A session with reporters

Security Bull: What was your original intention in writing this book?

Ziya: The original intention is also written in the preface of this book. I always remember the message from my supervisor when I was in school: "If we compare the existing cognitive practice of human beings to a circle, then when we graduate with a Ph.D., our research and practice results can at least lead human beings to take another step outside this circle." The Xuanjing team and I have been adhering to this original entrepreneurial aspiration for many years. With years of technical accumulation, we have reached the international advanced level in the DevSecOps track, and we have the ability to represent China's technical strength in this field to the world. Therefore, the creation and publication of this book "DevSecOps Agile Security" is not only to share the technical practice results accumulated by Xuanjing over the years, but also because we feel that users are Xuanjing's best product managers, and we hope to feed the best solutions in certain fields or scenarios back to users in more industries for their learning and reference.

China Information Security: Who is this book suitable for? What specific help will it give them? Can you provide some guidelines for reading this book?

Ziya: DevSecOps requires shared security, that is, security concerns everyone involved in any link of a digital application, so I hope this book will reach beyond the security circle and help more people. Specifically, from the top to the bottom of the enterprise, from the CEO, CTO, CIO and other core executives to the security director to the technical personnel, and the teachers and students in schools, all are its readers. This book is divided into five parts, from shallow to deep, from 0 to 1 to advanced, which can empower the above-mentioned people to varying degrees.

Hoo New Media: Just now I noticed that some guests mentioned that this book has, to a certain extent, filled gaps in related fields at home and abroad. What is your comment on this?

Ziya: In the process of writing, I kept thinking about the impact this book could bring to the industry and society as a whole. I think there are three points: first, for the first time, this book systematically builds and lays out a complete set of security frameworks that can be implemented in practice, the DevSecOps Agile Security System; second, hard-technology innovation is the key driving force of social progress, and at the same time the popularization of science and technology is also particularly important, and this book systematically shares the original cutting-edge technology and innovative theoretical understanding accumulated over the years; third, at the practical level, it focuses not only on best practices in domestic finance, the pan-Internet sector and other industries, but also on international best practices such as those of the US Department of Defense, Netflix, and Salesforce.

Network Security and Informatization: The construction of a DevSecOps agile security system involves culture, process, technology, and measurement. Which of these do you think is most efficient for an enterprise to start with when implementing it?

Ziya: DevSecOps agile security has two major concepts: one is people-oriented and technology-driven, and the other is synchronous planning, synchronous construction, and synchronous operation. Therefore, automated technical support, including the agile security tool chain and the supporting full-process platform, is the more critical part of implementation. There is one more key point: at the cultural level, it is necessary to obtain high-level support and achieve a sense of shared security responsibility.

Light Black Technology: How do security vendors and enterprise users view the new technologies and trends of DevSecOps agile security, such as code vaccine technology?

Ziya: When an enterprise carries out security construction, there is no best, only the best match. The practical implementation of DevSecOps is staged and gradual, what is called "nourishing silently". For new technologies, enterprises need to consider the needs of their own security construction at different stages, whether the technology can solve practical problems, and the rhythm and business model of the technology's application and promotion in the market. Xuanjing's code vaccine technology uses a single probe to accurately cover more than 95% of medium- and high-risk vulnerabilities in the shift-left stage, effectively preventing applications from going online with defects; in the normalized operation stage after going online, RASP is used to give applications endogenous active security immunity. After several years of accumulation and polishing, the probe meets the stringent requirements of enterprise users in terms of stability, language compatibility, and runtime performance overhead.

InfoQ: The current growth model of the To B industry is product-driven. As the founder of a leading DevSecOps vendor, you must also shoulder the social responsibility of promoting the development of the industry. So how do you balance the strategic layout of the enterprise with promoting the development of the industry?

Ziya: There are many setbacks in the process of starting a business, and the fundamental force that supported Xuanjing in finally climbing up is a deep love for technology and for the career. Therefore, in my opinion, promoting the development of the industry and leading Xuanjing to become the backbone of the security governance and operation of China's software supply chain go hand in hand.

Network Security and Data Governance: From chasing a dream by "Unnamed Lakeside" to building a dream with "Xuanjing Security", from "acting from the heart" to "unifying knowledge and action", Ziya, as a network security research and technology practitioner, has been living out a national mission and responsibility. So, can you share the biggest gain or inspiration that running a business or writing the book "DevSecOps Agile Security" has brought you?

Ziya: The culture of Peking University and the culture of the laboratory where I studied taught me to be free. If my heart wants freedom, I dare to make breakthroughs, which gave me the courage to start a business. In the process of starting a business, the Xuanjing team and I gained insight into the industry's and even the country's demand for agile security in the software supply chain and cloud native, and, having worked our way to the forefront of this field, we follow the trend and share the accumulated experience and results with everyone through this book.

In my opinion, as a security vendor, we should focus on our core areas in the process of rapid development. Taking Xuanjing as an example, in the process of starting the business it has focused on four "one" core capabilities: one runtime single probe, one code vaccine technology, one active defense framework, and one agile security system. In addition, the development of an enterprise requires a closely linked upstream and downstream ecosystem. Some of the attempts Xuanjing is making, such as in-depth cooperation with DevOps platforms, middleware vendors, and consulting agencies, are also intended to provide users with a better product and service experience.

Give roses to others and the fragrance lingers on your hand

Review of Ziya's Bookmark Gifting Ceremony

As the event drew to a close, Ziya signed a copy of the book for every guest and media friend at the scene and took a group photo with everyone.


Ziya new book gift ceremony site

After the event, some media said that they had learned about cutting-edge research results at Ziya's book launch, which deepened their understanding of the emerging DevSecOps track, and expressed their belief that the new book could help promote the establishment of a mature DevSecOps agile security ecosystem.

About the author of "DevSecOps Agile Security": Ziya, founder and CEO of Xuanjing Security, founder of the OpenSCA open source community, chief security expert of the software supply chain security community of the China Academy of Information and Communications Technology, producer of the DSO Agile Security Conference, and representative at the tenth anniversary of ISC, has more than 10 years of experience in cutting-edge security technology research and practice, and is a high-end technology leader with an international vision and comprehensive engineering innovation capabilities. He has long been engaged in research on AI deep learning algorithms in the field of continuous threat assessment and holds a number of original invention patents. He has undertaken major national network security projects and scientific research projects. His first "DevSecOps intelligent adaptive threat management system" has evolved to its third generation and has had a profound impact on the industry.

Xuanjing Security video address: https://weixin.qq.com/sph/A1woJr
