The presentation discusses the concept of continuous compliance and how it can be applied to DevSecOps programs. The Open Security Controls Assessment Language (OSCAL) and OSS like Falco and Voucher are presented as tools to achieve continuous compliance at scale.

- Traditional compliance is manual and stressful
- Continuous compliance can be achieved through automated control-based assessments
- OSCAL can be used to create these assessments
- OSS like Falco and Voucher can be used to achieve continuous compliance at scale
- Real-time communication and feedback loops are important for successful implementation of continuous compliance
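
As an added illustration that is not part of the talk summary, the Python below shows the automated, control-based assessment the bullets describe: results from continuously running checks are mapped to controls, rolled up into a satisfied / not-satisfied state per control, emitted in the shape of an OSCAL assessment result, and compared against the previous run so that a regression can be fed back immediately. The check results and the check-to-control mapping are constructed sample data, the control ids are NIST SP 800-53 style placeholders, and the output mirrors the structure of OSCAL's assessment-results model (results, findings, a target with a status state) only as a simplified subset, not a schema-validated document.

```python
"""Turn automated check output into an OSCAL-style assessment result.

Added example, not code from the talk. The check results, the control
mapping and the control ids are constructed/hypothetical; the output
follows the shape of OSCAL assessment-results but is a simplified subset.
"""
import json
import uuid
from datetime import datetime, timezone

# Constructed sample: what one run of a continuous check pipeline might emit.
CHECK_RESULTS = [
    {"check": "no_shell_in_container", "passed": True,
     "evidence": "0 shell-spawn alerts in last 24h"},
    {"check": "images_attested", "passed": False,
     "evidence": "2 of 40 deployed images lack a build attestation"},
    {"check": "sbom_present", "passed": True,
     "evidence": "40 of 40 images ship an SBOM"},
    {"check": "mfa_required", "passed": True,
     "evidence": "IdP policy requires MFA for all users"},
]

# Hypothetical mapping from checks to control ids (NIST SP 800-53 style).
# Several checks may back one control; one check may back several controls.
CHECK_TO_CONTROLS = {
    "no_shell_in_container": ["si-4"],
    "images_attested": ["sa-10"],
    "sbom_present": ["sa-10"],
    "mfa_required": ["ia-2"],
}


def control_status(check_results, mapping):
    """Return {control_id: 'satisfied' | 'not-satisfied'}.

    A control is satisfied only if every check mapped to it passed.
    """
    ok = {}
    for result in check_results:
        for control_id in mapping.get(result["check"], []):
            ok[control_id] = ok.get(control_id, True) and bool(result["passed"])
    return {cid: ("satisfied" if passed else "not-satisfied")
            for cid, passed in ok.items()}


def evidence_for(check_results, mapping, control_id):
    """Collect the evidence strings of every check that backs a control."""
    return [r["evidence"] for r in check_results
            if control_id in mapping.get(r["check"], [])]


def build_assessment_results(check_results, mapping, now=None):
    """Build a simplified OSCAL assessment-results document (assumed shape)."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for control_id, state in sorted(control_status(check_results, mapping).items()):
        findings.append({
            "uuid": str(uuid.uuid4()),
            "title": f"Automated assessment of {control_id}",
            "description": "; ".join(evidence_for(check_results, mapping, control_id)),
            "target": {
                "type": "objective-id",
                "target-id": control_id,
                "status": {"state": state},
            },
        })
    return {
        "assessment-results": {
            "uuid": str(uuid.uuid4()),
            "metadata": {
                "title": "Continuous compliance run",
                "last-modified": now.isoformat(),
                "version": "1.0",
                "oscal-version": "1.0.0",
            },
            "results": [{
                "uuid": str(uuid.uuid4()),
                "title": "Automated control checks",
                "description": "Generated from check pipeline output",
                "start": now.isoformat(),
                "findings": findings,
            }],
        }
    }


def summarize(doc):
    """Count findings and list the controls that are not satisfied."""
    findings = doc["assessment-results"]["results"][0]["findings"]
    failing = sorted(f["target"]["target-id"] for f in findings
                     if f["target"]["status"]["state"] != "satisfied")
    return {"total": len(findings), "failing": failing}


def regressions(previous_status, current_status):
    """Controls that were satisfied last run and are not satisfied now.

    This is the signal worth pushing to the team in real time rather than
    waiting for the next audit cycle.
    """
    return sorted(cid for cid, state in current_status.items()
                  if state == "not-satisfied"
                  and previous_status.get(cid) == "satisfied")


if __name__ == "__main__":
    doc = build_assessment_results(CHECK_RESULTS, CHECK_TO_CONTROLS)
    print(json.dumps(doc, indent=2))
    print(summarize(doc))
    # Constructed previous run where everything was satisfied.
    last_run = {"si-4": "satisfied", "sa-10": "satisfied", "ia-2": "satisfied"}
    print("regressions:", regressions(last_run, control_status(CHECK_RESULTS, CHECK_TO_CONTROLS)))
```

Note that `sa-10` ends up not satisfied even though one of its two backing checks passed: rolling up with "all checks must pass" is the conservative choice, and the evidence strings carried into the finding let a reviewer see which check caused it without re-running anything.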

The speaker highlights the burden placed on developers when it comes to security and emphasizes keeping security measures as native and intuitive as possible, since that is what makes them succeed and strengthens an organization's overall security posture.