<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=1110556&amp;fmt=gif">
Skip to content
    September 13, 2022

    Securing the DX NetOps Development Lifecycle with DevSecOps

    Recent, high-profile cybersecurity exploits, such as Sun Burst and Log4j, demonstrate that every enterprise is only a stone’s throw from a software vulnerability. This becomes especially critical when security is breached in a network monitoring component that has privileged access to core enterprise systems. In the case of Sun Burst, a well-known monitoring software provider made international headlines. By inadvertently delivering a backdoor malware program into an update of its monitoring platform, the software company exposed thousands of organizations, including a number of U.S. government agencies.

    Software supply chain attacks are an emerging threat targeting developers and suppliers. Attackers look for unsecured networks and unsafe software development life cycle (SDLC) practices. When they break in, they change source code and build processes to hide malware in legitimate applications. However, organizations need to trust the software they get from their existing vendors. The reality is that it is nearly impossible for an end-user company to assess the security of every update, of every application, from every supplier they use.

    The successful implementation of secure development practices relies heavily on developers being able to integrate security into their development workflow. In response, forward-thinking organizations have adopted DevSecOps to shift security tactics and strategies toward the early stages of the SDLC. By checking security early and often, issues are reduced, code reliability is improved, and products or services can be launched faster. DevSecOps is not just another “shift-left” paradigm; it has become a strategic piece of the secure SDLC.

    The demand for fast, trusted development has never been more intense. To ensure enterprise-grade software reliability and security, while rapidly delivering updates and new capabilities, the DX NetOps development organization at Broadcom Software relies on DevSecOps. Given the large number of components required in building modern software, there’s no single solution to combat all supply chain threats. That’s why there are a variety of policies, systems, and best practices Broadcom Software uses to secure its SDLC:

    • Automation. Broadcom Software has standardized on proven systems for securing and facilitating continuous integration (CI) and continuous delivery (CD). This has enabled teams to gain full control over builds and limit manual, unaudited interventions.
    • Shift left. Our organization makes the “check early, check often” mantra a reality by scheduling static scans after every code change. As a result, teams uncover security issues and identify third-party components in the source code that may pose vulnerabilities.
    • Continuous audit. Broadcom Software is continually focused on enforcing security throughout the software lifecycle. This includes team education, architectural risk assessment, code analysis, penetration testing, and continuous tracking of vulnerabilities and attack vectors.
    • Bill of materials. Our organization keeps track of what went into every build by creating unique fingerprints related to the source code, the bill of materials, and the system used to create the builds.

    Through these processes and best practices, Broadcom Software has established a level of governance that ensures every team complies with internal procedures, including continuous vulnerability scanning and remediation of reported vulnerabilities. In addition, teams are given extensive guidance for promoting product security.

    By incorporating security from the start, Broadcom Software achieves agility and speed without risking security and compliance. This also gives us an opportunity to foster a culture of innovation, leveraging the benefits provided by the continuous flow of new features and capabilities.

    With cyber threats mounting almost by the day, running up-to-date software is one of the best defenses against security breaches. DX NetOps customers can get service packs on a monthly cadence, so they can keep the product current with the latest security guidelines.

    As version currency is critical to reducing cyber threats and protecting your software investment, Broadcom Software is committed to your successful upgrades. Our Weekend Upgrade Programs help you navigate the upgrade process so you reduce the risk of extended downtime and upgrade failure. With fully staffed support and development teams available during the upgrade weekend, you get all upgrade-related case severities supported, improving the response time to any issues and reducing maintenance window requirements. As a result, there’s never been a better time to consider regular upgrades for DX NetOps, so you can most fully benefit from Broadcom Software’s commitment to delivering enterprise-grade software reliability and security.

    You can learn more about how Broadcom Software ensures DX NetOps remains current with enterprise security guidelines and adapts proactively and intelligently to new vulnerabilities in our white paper, “How Broadcom Software Integrates DevSecOps into the DX NetOps SDLC.“

    Tom Story

    Thomas Story is a product manager for DX NetOps in the AOD division within the Enterprise Software Division at Broadcom. With more than 20 years of domain experience, he has launched many successful solutions, helping customers solve problems with new technology.

    Other resources you might be interested in

    icon
    Blog October 8, 2025

    Nobody Cares About Your MTTR

    This post outlines why IT metrics like MTTR are irrelevant to business leaders, and it emphasizes that IT teams need network observability to bridge this gap.

    icon
    Office Hours October 6, 2025

    Rally Office Hours: October 2, 2025

    The Rally Model Context Protocol (MCP) Server acts as a standardized interface for AI models and developer tools. Learn about this exciting new feature then follow the weekly Q&A session with Rally...

    icon
    Blog October 1, 2025

    Why 1% Packet Loss Is the New 100% Outage

    In an era of real-time apps and multiple clouds, the old rules about 'acceptable' network errors no longer apply. See why you need end-to-end observability.

    icon
    Office Hours September 30, 2025

    Rally Office Hours: September 25, 2025

    Rally Office Hours delivers an essential product tip: Learn to transition from Legacy Custom Pages to powerful Custom Views. Plus, Q&A insights.

    icon
    Blog September 26, 2025

    Defining the Network Engineer of Tomorrow

    Read this post and see why the most important investment isn't in new hardware, but in transforming your team from device managers to service delivery experts.

    icon
    Blog September 26, 2025

    Harnessing AppNeta’s Browser- and HTTP-based Workflows to Track User Experience

    AppNeta’s browser- and HTTP-based workflows let you see what users actually experience. Preempt issues before they become headaches for your end users.

    icon
    Blog September 26, 2025

    “Rego U” Recap: Why SPM Is Still Hot

    Rego Consulting’s Annual Conference underscored why strategic portfolio management (SPM) is still essential. Leverage SPM to bridge strategy and execution.

    icon
    Blog September 23, 2025

    What's New in AutoSys 24.1: Built for the Modern Automation Landscape

    See how AutoSys 24.1 is designed to streamline your daily tasks, accelerate troubleshooting, and simplify how you integrate with the latest technologies.

    icon
    Office Hours September 23, 2025

    Rally Office Hours: September 18, 2025

    In the latest edition of Rally office hours, learn about changes to the Progress Views widget and then follow the weekly Q&A session with Rally product experts.