Folks, the State of DevOps Survey closed June 8th. If you haven't yet, please click this link: https://bit.ly/2FCG8Me  I just reread the results from prior years in Accelerate and I was struck by the findings in Chapter 5. The differences in velocity among high, medium- and low-performers are well known and I commented on these before. I forgot ...

DevOps Research and Assessment (DORA) is now calling for participation in the 2018 Accelerate State of DevOps Survey. Please click the link to join. We all benefit from having scientifically reviewed data to substantiate the impact of  DevOps practices. The results are summarized in the last four years of the State of DevOps Reports and the new bo...

One of the favorite parts of my job is curating a web site with the stories of how we work. Those experience reports and more of our guidance are now  consolidated at https://aka.ms/devops. In addition to our own stories, this center offers content to help your team learn DevOps practices, Git (including Git at scale), and Agile. There's also a ...

Unfortunately, I had to cut out of DevOps Enterprise Summit early. It’s great to see how DOES has doubled every year, and how the conversations are changing from “Why DevOps?” to “How do we adopt DevOps faster, at larger scale, and through a bigger org?” In this spirit, I updated DevOps at Microsoft last week with eighteen videos and ten articles....

A DevSecOps best practice is root cause analysis, so that we can learn from live site incidents and prevent their recurrence. Equifax made news recently with the exfiltration of data from half the US population. This is a sobering opportunity to look at the root cause. The Equifax attack used Apache Struts, a popular open source project for web ap...

Nicole Forsgren, Gene Kim, participants of the DevOps Enterprise Forum and I collaborated on a free starter self-assessment for your team's DevOps performance. It's now available at https://DevOpsAssessment.net. As input, we used the research from the State of DevOps Reports (presented by DORA and Puppet) that Nicole has been leading for years, ...

Back in March, I wrote about the WhiteSource Bolt extension for VSTS. This is a fantastic way to automate security checks for open source vulnerabilities in the release pipeline of your team project. The most frequent question I’ve received is, When can we have this for TFS too? I’m happy to announce that the extension now works with TFS on-pre...

Most organizations today consume open source software in their development projects. The reuse of components enables great productivity gains. However, this practice has an unintended consequence: you can reuse security vulnerabilities or violate licenses without realizing the risk. I wrote about this in an article in MSDN Magazine on Rugged DevOps...