1. Intro
2. Background
3. Common Question
4. The Rugged Manifesto
5. Common Pitfalls
6. What went wrong?
7. Current State Assessment
8. Assessment Plan
9. Assessment Process
10. Identify Stakeholders
11. Assessment - Developer
12. Assessment - Quality Assurance
13. Assessment - Deployment / Release
14. Assessment - IT Operations
15. Assessment - Information Security
16. Assessment - Technology Stack
17. Identify Metrics and Measurement
18. Feedback to the Team
19. People
20. Platform
21. Rugged Continued ...
22. Rugged DevOps on...
23. Continuous Integration (CI) Model

Description:
Explore requirements gathering for successful DevSecOps pipeline implementation in this 40-minute conference talk from AppSec EU 2017. Learn how to assess current states, identify productivity bottlenecks, determine training needs, establish metrics, and implement monitoring strategies. Discover considerations and approaches for creating a security-first automated development pipeline tailored to your organization's unique requirements, motivations, and technologies. Gain insights into integrating secure coding and verification practices throughout the software development lifecycle, addressing key aspects such as security policy, development platforms, application technical stacks, and cross-team involvement. Understand common pitfalls, the Rugged Manifesto, and strategies for assessing various stakeholders including developers, quality assurance, deployment/release teams, IT operations, and information security. Delve into identifying appropriate metrics, providing feedback, and implementing a Continuous Integration (CI) model for a more secure and efficient software development process.

Requirements Gathering for Successful DevSecOps Pipeline - AppSec EU 2017

OWASP Foundation