Policy driven development: Bringing DevOps to InfoSec
In order to show risk is being properly managed, security teams are often regarded as gatekeepers who slow the pace of software development due to what is perceived as their authoritative behavior.