On November 29, 2024, MISA representatives shared practical experiences in building a SecDevOps culture to improve the ability to ensure information security for organizations at the Workshop "Learn about DevSecOps - Technology and Security Control Solutions" organized by BIDV Insurance - BIC.
The Workshop was attended by leading experts in the field of information technology and information security. On the side of MISA , there was the participation of Mr. Nguyen Quang Hoang - Director of Information Security, Mr. Bui Duc Truong - Head of Information Security Department.
Within the framework of the workshop, Mr. Bui Duc Truong - Head of MISA Information Security Department introduced the SecDevOps model, thereby sharing experiences in applying SecDevOps to products to support organizations in raising awareness of information security and safety.
According to Paloalto Network's Common Vulnerabilities and Exposures (CVE) Allocation Catalog from November 2022 to January 2023, vulnerabilities often appear in applications due to unsafe programming. Therefore, organizations need to integrate security into the entire software product development process. Specifically, applying the SecDevOps model to software to speed up the product development process, minimizing 40-50% of vulnerabilities in source code, according to James Rutt - CIO Insight.
SecDevOps is a development model that combines security, development, and operations, similar to DevSecOps. However, the important difference is that SecDevOps puts security at the forefront of each individual's mindset and in every step of the software development process. In addition, this model emphasizes the "One Team" working process and culture that helps individuals work closely together to ensure security is prioritized throughout.
To effectively apply the SecDevOps model, organizations need to strictly apply 3 factors: people, process and technology. Regarding people, organizations need to improve the skills of the information security team, connect the Sec team with the DevOps team, provide programming training and secure deployment. Regarding the process, organizations can apply the Secure product lifecycle model - Software Development Life Cycle (SSDLC) to develop secure software. Regarding technology, organizations can use the following security methods and tools to detect and handle security vulnerabilities: Static Analysis (SAST); Dynamic Analysis (DAST); Interactive Analysis (IAST); Software Composition Analysis (SCA).
According to Mr. Truong, programmers need to be trained in security awareness and safe programming, aiming to prevent vulnerabilities from appearing in later steps of the software development process.
As a leading technology enterprise providing software as a service in Vietnam, and also the initiator of the establishment of the CYSEEX Alliance, MISA commits to accompanying organizations in deploying advanced security solutions, protecting data and information systems from cyber attacks.
Source: https://www.misa.vn/149771/secdevops-information-security-solution-for-organizations/
![[Photo] General Secretary To Lam attends the 18th Hanoi Party Congress, term 2025-2030](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/10/16/1760581023342_cover-0367-jpg.webp)
![[Photo] Many dykes in Bac Ninh were eroded after the circulation of storm No. 11](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/10/15/1760537802647_1-7384-jpg.webp)
![[Photo] Conference of the Government Party Committee Standing Committee and the National Assembly Party Committee Standing Committee on the 10th Session, 15th National Assembly](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/10/15/1760543205375_dsc-7128-jpg.webp)
![[Video] TripAdvisor honors many famous attractions of Ninh Binh](https://vphoto.vietnam.vn/thumb/402x226/vietnam/resource/IMAGE/2025/10/16/1760574721908_vinh-danh-ninh-binh-7368-jpg.webp)
Comment (0)