<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=1110556&amp;fmt=gif">
Skip to content
    September 13, 2022

    Securing the DX NetOps Development Lifecycle with DevSecOps

    Recent, high-profile cybersecurity exploits, such as Sun Burst and Log4j, demonstrate that every enterprise is only a stone’s throw from a software vulnerability. This becomes especially critical when security is breached in a network monitoring component that has privileged access to core enterprise systems. In the case of Sun Burst, a well-known monitoring software provider made international headlines. By inadvertently delivering a backdoor malware program into an update of its monitoring platform, the software company exposed thousands of organizations, including a number of U.S. government agencies.

    Software supply chain attacks are an emerging threat targeting developers and suppliers. Attackers look for unsecured networks and unsafe software development life cycle (SDLC) practices. When they break in, they change source code and build processes to hide malware in legitimate applications. However, organizations need to trust the software they get from their existing vendors. The reality is that it is nearly impossible for an end-user company to assess the security of every update, of every application, from every supplier they use.

    The successful implementation of secure development practices relies heavily on developers being able to integrate security into their development workflow. In response, forward-thinking organizations have adopted DevSecOps to shift security tactics and strategies toward the early stages of the SDLC. By checking security early and often, issues are reduced, code reliability is improved, and products or services can be launched faster. DevSecOps is not just another “shift-left” paradigm; it has become a strategic piece of the secure SDLC.

    The demand for fast, trusted development has never been more intense. To ensure enterprise-grade software reliability and security, while rapidly delivering updates and new capabilities, the DX NetOps development organization at Broadcom Software relies on DevSecOps. Given the large number of components required in building modern software, there’s no single solution to combat all supply chain threats. That’s why there are a variety of policies, systems, and best practices Broadcom Software uses to secure its SDLC:

    • Automation. Broadcom Software has standardized on proven systems for securing and facilitating continuous integration (CI) and continuous delivery (CD). This has enabled teams to gain full control over builds and limit manual, unaudited interventions.
    • Shift left. Our organization makes the “check early, check often” mantra a reality by scheduling static scans after every code change. As a result, teams uncover security issues and identify third-party components in the source code that may pose vulnerabilities.
    • Continuous audit. Broadcom Software is continually focused on enforcing security throughout the software lifecycle. This includes team education, architectural risk assessment, code analysis, penetration testing, and continuous tracking of vulnerabilities and attack vectors.
    • Bill of materials. Our organization keeps track of what went into every build by creating unique fingerprints related to the source code, the bill of materials, and the system used to create the builds.

    Through these processes and best practices, Broadcom Software has established a level of governance that ensures every team complies with internal procedures, including continuous vulnerability scanning and remediation of reported vulnerabilities. In addition, teams are given extensive guidance for promoting product security.

    By incorporating security from the start, Broadcom Software achieves agility and speed without risking security and compliance. This also gives us an opportunity to foster a culture of innovation, leveraging the benefits provided by the continuous flow of new features and capabilities.

    With cyber threats mounting almost by the day, running up-to-date software is one of the best defenses against security breaches. DX NetOps customers can get service packs on a monthly cadence, so they can keep the product current with the latest security guidelines.

    As version currency is critical to reducing cyber threats and protecting your software investment, Broadcom Software is committed to your successful upgrades. Our Weekend Upgrade Programs help you navigate the upgrade process so you reduce the risk of extended downtime and upgrade failure. With fully staffed support and development teams available during the upgrade weekend, you get all upgrade-related case severities supported, improving the response time to any issues and reducing maintenance window requirements. As a result, there’s never been a better time to consider regular upgrades for DX NetOps, so you can most fully benefit from Broadcom Software’s commitment to delivering enterprise-grade software reliability and security.

    You can learn more about how Broadcom Software ensures DX NetOps remains current with enterprise security guidelines and adapts proactively and intelligently to new vulnerabilities in our white paper, “How Broadcom Software Integrates DevSecOps into the DX NetOps SDLC.“

    Tom Story

    Thomas Story is a product manager for DX NetOps in the AOD division within the Enterprise Software Division at Broadcom. With more than 20 years of domain experience, he has launched many successful solutions, helping customers solve problems with new technology.

    Other resources you might be interested in

    icon
    Office Hours October 23, 2025

    Rally Office Hours: October 9, 2025

    Discover Rally's new AI-powered Team Health Widget for flow metrics and drill-downs on feature charts. Plus, get updates on WIP limits and future enhancements.

    icon
    Course October 23, 2025

    AAI - Navigating the Interface and Refining Data Views

    This course introduces you to AAI’s interface and shows you how to navigate efficiently, work with tables, and refine large datasets using search and filter tools.

    icon
    Office Hours October 23, 2025

    Rally Office Hours: October 16, 2025

    Rally's new AI-driven feature automates artifact breakdown - transforming features into stories or stories into tasks - saving time and ensuring consistency.

    icon
    Blog October 22, 2025

    What’s New in Network Observability for Fall 2025

    Discover how the Fall 2025 release of Network Observability by Broadcom introduces powerful new capabilities, elevating your insights and automation.

    icon
    eBook October 22, 2025

    Modernizing Monitoring in a Converged IT-OT Landscape

    The energy sector is shifting, driven by rapid grid modernization and the convergence of IT and OT networks. Traditional monitoring tools fall short.

    icon
    Blog October 22, 2025

    Your network isn't infrastructure anymore. It's a product.

    See why it’s time to stop managing infrastructure and start treating the network as your company's most critical product. Justify investments and prove ROI.

    icon
    Blog October 22, 2025

    The Network Engineers You Can't Hire? They Already Work for You

    See how the proliferation of siloed monitoring tools exacerbates IT skills gaps. Implement an observability platform that empowers the teams you already have.

    icon
    Blog October 8, 2025

    Nobody Cares About Your MTTR

    This post outlines why IT metrics like MTTR are irrelevant to business leaders, and it emphasizes that IT teams need network observability to bridge this gap.

    icon
    Blog October 8, 2025

    Tag(ging)—You’re It: How to Leverage AppNeta Monitoring Data for Maximum Insights

    Find out about tagging capabilities in AppNeta. Get strategies for making the most of tagging and see how it can be a game-changer for your operations teams.