Securing the DX NetOps Development Lifecycle with DevSecOps

Recent, high-profile cybersecurity exploits, such as Sun Burst and Log4j, demonstrate that every enterprise is only a stone’s throw from a software vulnerability. This becomes especially critical when security is breached in a network monitoring component that has privileged access to core enterprise systems. In the case of Sun Burst, a well-known monitoring software provider made international headlines. By inadvertently delivering a backdoor malware program into an update of its monitoring platform, the software company exposed thousands of organizations, including a number of U.S. government agencies.

Software supply chain attacks are an emerging threat targeting developers and suppliers. Attackers look for unsecured networks and unsafe software development life cycle (SDLC) practices. When they break in, they change source code and build processes to hide malware in legitimate applications. However, organizations need to trust the software they get from their existing vendors. The reality is that it is nearly impossible for an end-user company to assess the security of every update, of every application, from every supplier they use.

The successful implementation of secure development practices relies heavily on developers being able to integrate security into their development workflow. In response, forward-thinking organizations have adopted DevSecOps to shift security tactics and strategies toward the early stages of the SDLC. By checking security early and often, issues are reduced, code reliability is improved, and products or services can be launched faster. DevSecOps is not just another “shift-left” paradigm; it has become a strategic piece of the secure SDLC.

The demand for fast, trusted development has never been more intense. To ensure enterprise-grade software reliability and security, while rapidly delivering updates and new capabilities, the DX NetOps development organization at Broadcom Software relies on DevSecOps. Given the large number of components required in building modern software, there’s no single solution to combat all supply chain threats. That’s why there are a variety of policies, systems, and best practices Broadcom Software uses to secure its SDLC:

• Automation. Broadcom Software has standardized on proven systems for securing and facilitating continuous integration (CI) and continuous delivery (CD). This has enabled teams to gain full control over builds and limit manual, unaudited interventions.
• Shift left. Our organization makes the “check early, check often” mantra a reality by scheduling static scans after every code change. As a result, teams uncover security issues and identify third-party components in the source code that may pose vulnerabilities.
• Continuous audit. Broadcom Software is continually focused on enforcing security throughout the software lifecycle. This includes team education, architectural risk assessment, code analysis, penetration testing, and continuous tracking of vulnerabilities and attack vectors.
• Bill of materials. Our organization keeps track of what went into every build by creating unique fingerprints related to the source code, the bill of materials, and the system used to create the builds.

Through these processes and best practices, Broadcom Software has established a level of governance that ensures every team complies with internal procedures, including continuous vulnerability scanning and remediation of reported vulnerabilities. In addition, teams are given extensive guidance for promoting product security.

By incorporating security from the start, Broadcom Software achieves agility and speed without risking security and compliance. This also gives us an opportunity to foster a culture of innovation, leveraging the benefits provided by the continuous flow of new features and capabilities.

With cyber threats mounting almost by the day, running up-to-date software is one of the best defenses against security breaches. DX NetOps customers can get service packs on a monthly cadence, so they can keep the product current with the latest security guidelines.

As version currency is critical to reducing cyber threats and protecting your software investment, Broadcom Software is committed to your successful upgrades. Our Weekend Upgrade Programs help you navigate the upgrade process so you reduce the risk of extended downtime and upgrade failure. With fully staffed support and development teams available during the upgrade weekend, you get all upgrade-related case severities supported, improving the response time to any issues and reducing maintenance window requirements. As a result, there’s never been a better time to consider regular upgrades for DX NetOps, so you can most fully benefit from Broadcom Software’s commitment to delivering enterprise-grade software reliability and security.

You can learn more about how Broadcom Software ensures DX NetOps remains current with enterprise security guidelines and adapts proactively and intelligently to new vulnerabilities in our white paper, “How Broadcom Software Integrates DevSecOps into the DX NetOps SDLC.“