strategies, methods, and outcomes. Given this lack of well-documented research and of historical examples that other programs could use as models, we sought the views of experts representing diverse acquisition user story and release must meet to be considered done. For a user story, the definition may include code completion, the level and types of testing, and (just enough) documentation. For a release, the definition engineer) who coordinates and integrates programmatics (e.g., schedules, metrics) and deliverables (e.g., code)?  Is there a clear owner of the program (or broader enterprise) architecture?  Is there a

to which its policies are expressed as code.” c. CREATE A SINGLE, SHARED SOURCE CODE REPOSITORY FOR OUR ENTIRE ORGANIZATION i. Firm-wide shared source code repository is powerful way to share local Test suite becomes the living documentation of the system specification and represent working examples of API use e. DESIGN FOR OPERATIONS THROUGH CODIFIED NON-FUNCTIONAL REQUIREMENTS i. Designing transfer security knowledge to the teams E. INTEGRATE PREVENTIVE SECURITY CONTROLS INTO SHARED SOURCE CODE REPOSITORIES AND SHARED SERVICES i. Add mechanisms & tools ii. Add security’s pre-blessed libraries

Myth—DevOps Means Eliminating IT Operations, or “NoOps” f. Myth—DevOps is Just “Infrastructure as Code” or Automation: g. Myth—DevOps is Only for Open Source Software: 2. Foreword xix 3. Imagine a secure service to the customer b. THE BUSINESS VALUE OF DEVOPS i. Code and change deployments (thirty times more frequent) ii. Code and change deployment lead time (two hundred times faster) iii. Production Consider when we have an annual schedule for software releases, where an entire year’s worth of code that Development has worked on is released to production deployment. Like in manufacturing, this

Error – error conditions such as API failures, internal issues 5. Fatal – forces a termination iv. Examples of potentially significant events (Gartner’s GTP Security & Risk Management group) 1. Authen or Kolmogorov-Smirnov 4. Ch. 16 – Enable Feedback So Development and Operation Can Safely Deploy Code a. USE TELEMETRY TO MAKE DEPLOYMENTS SAFER i. Actively monitor production telemetry whenever anyone the same workstation. Popularized by XP & Agile. 1. One engineer is the driver – actually writing code 2. Other engineer is the navigator/observer/pointer – reviewing work, considers strategic direction

Constraints DisorderWhat domain am I in? Act accordingly - there’s no one size fits allDanger Zone Examples Obvious - bureaucratic organization or roles typically see it as a failure of process Complicated

shortcomings.” The Truth about Relativity – Why Everything Is Relative – Even When It Shouldn’t Be  Examples: House Shopping, Vacations,  Observations: o “humans rarely choose things in absolute terms

accumulation of slowness because dependency limits the opportunities for higher fluctuations. What are examples of this in your own organization? Development? QA?Two types of resources ● Bottleneck - any resource

streams of work were significantly behind schedule. Surprising discovery: only 50% of the source code in Dev/Test environments matched Prod. They fixed forward, but changes not put back into version consistent, & secure c. CREATE OUR SINGLE REPOSITORY OF TRUTH FOR THE ENTIRE SYSTEM i. ALL parts (code & environments) of the system are shared in a version control repository ii. Version control is value stream iii. Everything, everything, everything is checked into version control 1. Application code & dependencies 2. Environment scripts & creation tools 3. DB scripts and reference data 4. Containers

to a problem.  if we mandate that projects reuse code whenever possible, each project may have to spend time searching archives of available code to find something that is a near fit, and then deal and design patterns. Incremental delivery and staged investments reduce cost and risk.  Custom code is almost not custom these days. A developer incorporates open source frameworks, uses standardized are already available.  There are “cookbooks” available with templates for deploying systems, code snippets that handle common tasks, and well-known and well-studied algorithms for solving typical

of management get in the way of goals. The employee wants the shortest possible path to shipping code without needing layers of approval. Management should be close enough to the action that they can in the interest of shipping code. If there is a backlog in exploratory testing, people who normally do development will help test. Software engineers will oversee their code in production and help make Tests and infrastructure are now both represented in code; with SDN, soon even the network will be. Infrastructure can now be tested, like code; it can be placed in version control.  Technology matters: