Merge remote-tracking branch 'LCTT/master'

published/20190624 Book Review- A Byte of Vim.md

@@ -0,0 +1,86 @@
+[#]: collector: (lujun9972)
+[#]: translator: (JonnieWayy)
+[#]: reviewer: (wxy)
+[#]: publisher: (wxy)
+[#]: url: (https://linux.cn/article-12441-1.html)
+[#]: subject: (Book Review: A Byte of Vim)
+[#]: via: (https://itsfoss.com/book-review-a-byte-of-vim/)
+[#]: author: (John Paul https://itsfoss.com/author/john/)
+
+《A Byte of Vim》书评
+======
+
+[Vim][1] 是一个简单而又强大的文本编辑工具。大多数新用户都会被它吓倒，因为它不像常规的图形化文本编辑器那样“工作”。Vim “不寻常”的键盘快捷键让人不知道[如何保存并退出 Vim][2]。但一旦你掌握了 Vim，就没有什么能比得上它了。
+
+网上有大量的 [Vim 资源][3]。我们也在介绍了一些 Vim 技巧。除了线上资源，也有很多书致力于介绍这个编辑器。今天，我们要介绍的是一本旨在使大多数用户轻松理解 Vim 的书。我们将讨论的书是 [Swaroop C H][5] 撰写的《[A Byte of Vim][4]》。
+
+本书作者 [Swaroop C H][5] 已经在计算机领域工作了十余年，他曾在 Yahoo 和 Adobe 工作过。大学毕业后，他卖过 Linux CD，也曾多次创业，也是一个创建了一个名为 ion 的 iPod 充电器的团队的联合创始人。他目前是 [Helpshift][7] AI 团队的工程经理。
+
+### 《A Byte of Vim》
+
+![][8]
+
+像所有好书一样，《A Byte of Vim》一开始就谈到了什么是 Vim：“一个用于写各类文本的计算机程序。”他接着说：“Vim 之所以与众不同，是因为它是为数不多的既简单又强大的软件之一。”
+
+在深入讲解如何使用 Vim 之前，Swaroop 先告诉读者如何在 Windows、Mac、Linux 和 BSD 上安装 Vim。安装完成后，他进而指导读者完成如何启动 Vim，以及如何创建第一个文件。
+
+接着，Swaroop 讨论了 Vim 的不同模式，以及如何通过 Vim 的键盘快捷键来浏览文档。接着是使用 Vim 编辑文档的基础知识，包括如何在 Vim 中剪切/复制/粘帖以及撤销/重做。
+
+在介绍了编辑基础知识后，Swaroop 介绍了如何使用 Vim 来编辑单个文档的多个部分。你也可以使用多个标签和窗口来同时编辑多个文档。
+
+本书还涵盖了通过编写脚本和安装插件来扩展 Vim 的功能。在 Vim 中使用脚本有两种方法，一种是使用 Vim 的内置脚本语言，另一种是使用 Python 或 Perl 等编程语言来访问 Vim 的内核。可以编写或下载五种类型的 Vim 插件：vimrc、全局插件、文件类型插件、语法高亮插件和编译器插件。
+
+在一个单独的章节中，Swaroop C H 介绍了使 Vim 更适合编程的特点。这些功能包括语法高亮、智能缩进、对 Shell 命令的支持、全局补全以及可用作 IDE 使用的功能。
+
+#### 获取《A Byte of Vim》一书并为之贡献
+
+《A Byte of Vim》按照 [共创协议 4.0][10]授权。读者可以在[作者的主页][4]上免费阅读其在线版本。你也可以免费下载其 [PDF][11]、[Epub][12] 或者 [Mobi][13] 版本。
+
+- [免费获取《A Byte of Vim》][4]
+
+如果你更喜欢阅读[纸质版本][14]，你也可以选择该方式。
+
+请注意，**《A Byte of Vim》的初始版本写于 2008**，并转换为 PDf。不幸的是，Swaroop CH丢失了原始源文件。他正在努力将该书转换为 [Markdown][15]。如果你想提供帮助，请访问[该书的 GitHub 页面][16]。
+
+#### 结语
+
+当我初次对着 Vim 生气时，我不知道该怎么办。我希望那时候我就知道《A Byte of Vim》这本书。对于任何学习 Linux 的人来说，这本书都是不错的资源，特别是当你开始学习命令行的时候。
+
+你读过 Swaroop C H 的《[A Byte of Vim][4]》吗？如果读过，你是如何找到它的？如果不是，那么你最喜欢关于开源主题的是哪本书？请在下方评论区告诉我们。
+
+
+--------------------------------------------------------------------------------
+
+via: https://itsfoss.com/book-review-a-byte-of-vim/
+
+作者：[John Paul][a]
+选题：[lujun9972][b]
+译者：[JonnieWayy](https://github.com/JonnieWayy)
+校对：[wxy](https://github.com/wxy)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]: https://itsfoss.com/author/john/
+[b]: https://github.com/lujun9972
+[1]: https://www.vim.org/
+[2]: https://itsfoss.com/how-to-exit-vim/
+[3]: https://linuxhandbook.com/basic-vim-commands/
+[4]: https://vim.swaroopch.com/
+[5]: https://swaroopch.com/
+[6]: https://swaroopch.com/about/
+[7]: https://www.helpshift.com/
+[8]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2019/06/Byte-of-vim-book.png?resize=800%2C450&ssl=1
+[9]: https://itsfoss.com/4mlinux-review/
+[10]: https://creativecommons.org/licenses/by/4.0/
+[11]: https://www.gitbook.com/download/pdf/book/swaroopch/byte-of-vim
+[12]: https://www.gitbook.com/download/epub/book/swaroopch/byte-of-vim
+[13]: https://www.gitbook.com/download/mobi/book/swaroopch/byte-of-vim
+[14]: https://swaroopch.com/buybook/
+[15]: https://itsfoss.com/best-markdown-editors-linux/
+[16]: https://github.com/swaroopch/byte-of-vim#status-incomplete
+[17]: https://i2.wp.com/images-na.ssl-images-amazon.com/images/I/41itW8furUL._SL160_.jpg?ssl=1
+[18]: https://www.amazon.com/Mastering-Vim-Quickly-WTF-time/dp/1983325740?SubscriptionId=AKIAJ3N3QBK3ZHDGU54Q&tag=chmod7mediate-20&linkCode=xm2&camp=2025&creative=165953&creativeASIN=1983325740 (Mastering Vim Quickly: From WTF to OMG in no time)
+[19]: https://www.amazon.com/gp/prime/?tag=chmod7mediate-20 (Amazon Prime)
+[20]: https://www.amazon.com/Mastering-Vim-Quickly-WTF-time/dp/1983325740?SubscriptionId=AKIAJ3N3QBK3ZHDGU54Q&tag=chmod7mediate-20&linkCode=xm2&camp=2025&creative=165953&creativeASIN=1983325740 (Buy on Amazon)
+[21]: https://itsfoss.com/iridium-browser-review/
+[22]: http://reddit.com/r/linuxusersgroup

sources/tech/20180730 50 Best Ubuntu Apps You Should Be Using Right Now.md

@@ -1,3 +1,5 @@
+LikChung is translating
+
 50 Best Ubuntu Apps You Should Be Using Right Now
 ======
 **Brief: A comprehensive list of best Ubuntu apps for all kind of users. These software will help you in getting a better experience with your Linux desktop.**

sources/tech/20190808 Sending custom emails with Python.md

@@ -1,5 +1,5 @@
 [#]: collector: (lujun9972)
-[#]: translator: ( )
+[#]: translator: (silentdawn-zz)
 [#]: reviewer: ( )
 [#]: publisher: ( )
 [#]: url: ( )

sources/tech/20200715 What-s the difference between DevSecOps and agile software development.md

@@ -1,97 +0,0 @@
-[#]: collector: (lujun9972)
-[#]: translator: (windgeek)
-[#]: reviewer: ( )
-[#]: publisher: ( )
-[#]: url: ( )
-[#]: subject: (What's the difference between DevSecOps and agile software development)
-[#]: via: (https://opensource.com/article/20/7/devsecops-vs-agile)
-[#]: author: (Sam Bocetta https://opensource.com/users/sambocetta)
-
-What's the difference between DevSecOps and agile software development
-======
-Are you focused more on security or software delivery? Or can you have
-both?
-![Brick wall between two people, a developer and an operations manager][1]
-
-There is a tendency in the tech community to use the terms DevSecOps and agile development interchangeably. While there are some similarities, such as that both aim to detect risks earlier, there are also distinctions that [drastically alter how each would work][2] in your organization.
-
-DevSecOps built on some of the principles that agile development established. However, DevSecOps is [especially focused on integrating security features][3], while agile is focused on delivering software.
-
-Knowing how to protect your website or application from ransomware and other threats really comes down to the software and systems development you use. Your needs may impact whether you choose to utilize DevSecOps, agile development, or both.
-
-### Differences between DevSecOps and agile
-
-The main distinction between these two systems comes down to one simple concept: security. Depending on your software development practices, your company's security measures—and when, where, and who implements them—may differ significantly.
-
-Every business [needs IT security][4] to protect their vital data. Virtual private networks (VPNs), digital certificates, firewall protection, multi-factor authentication, secure cloud storage, and teaching employees about basic cybersecurity measures are all actions a business should take if it truly values IT security.
-
-When you trust DevSecOps, you're taking your company's security and essentially making it tantamount to continuous integration and delivery. DevSecOps methodologies emphasize security at the very beginning of development and make it an integral component of overall software quality.
-
-This is due to three major principles in DevSecOps security:
-
-  * Balancing user access with data security
-  * [Encrypting data][5] with VPN and SSL to protect it from intruders while it is in transit
-  * Anticipating future risks with tools that scan new code for security flaws and notifying developers about the flaws
-
-
-
-While DevOps has always intended to include security, not every organization practicing DevOps has kept it in mind. That is where DevSecOps as an evolution of DevOps can offer clarity. Despite the similarity of their names, the two [should not be confused][6]. In a DevSecOps model, security is the primary driving force for the organization.
-
-Meanwhile, agile development is more focused on iterative development cycles, which means feedback is constantly integrated into continuous software development. [Agile's key principles][7] are to embrace changing environments to provide customers and clients with competitive advantages, to collaborate closely with developers and stakeholders, and to maintain a consistent focus of technical excellence throughout the process to help boost efficiency. In other words, unless an agile team includes security in its definition of excellence, security _is_ an afterthought in agile.
-
-### Challenges for defense agencies
-
-If there's any organization dedicated to the utmost in security, it's the U.S. Department of Defense. In 2018, the DoD published a [guide to "fake agile"][8] or "agile in name only" in software development. The guide was designed to warn DoD executives about bad programming and explain how to spot it to avoid risks.
-
-It's not only DoD that has something to gain by using these methodologies. The healthcare and financial sectors also [maintain massive quantities][9] of sensitive data that must remain secure.
-
-DoD's changing of the guard with its modernization strategy, which includes the adoption of DevSecOps, is essential. This is particularly pertinent in an age when even the DoD is susceptible to hacker attacks and data breaches, as evidenced by its [massive data breach][10] in February 2020.
-
-There are also risks inherent in transferring cybersecurity best practices into real-life development. Things won't go perfectly 100% of the time. At best, things will be uncomfortable, and at worst, they could create a whole new set of risks.
-
-Developers, especially those working on code for military software, may not have a thorough [understanding of all contexts][11] where DevSecOps should be employed. There will be a steep learning curve, but for the greater good of security, these are necessary growing pains.
-
-### New models in the age of automation
-
-To address growing concerns about previous security measures, DoD contractors have begun to assess the DevSecOps model. The key is deploying the methodology into continuous service delivery contexts.
-
-There are three ways this can happen. The first involves automation, which is [already being used][12] in most privacy and security tools, including VPNs and privacy-enhanced mobile operating systems. Instead of relying on human-based checks and balances, automation in large-scale cloud infrastructures can handle ongoing maintenance and security assessments.
-
-The second element involves the transition to DevSecOps as the primary security checkpoint. Traditionally, systems were designed with zero expectation that data would be accessible as it moves between various components.
-
-The third and final element involves bringing corporate approaches to military software development. Many DoD contractors and employees come from the commercial sector rather than the military. Their background gives them knowledge and experience in [providing cybersecurity][13] to large-scale businesses, which they can bring into government positions.
-
-### Challenges worth overcoming
-
-Switching to a DevSecOps-based methodology presents some challenges. In the last decade, many organizations have completely redesigned their development lifecycles to comply with agile development practices, and making another switch so soon may seem daunting.
-
-Businesses should gain peace of mind knowing that even the DoD has had trouble with this transition, and they're not alone in the challenges of rolling out new processes to make commercial techniques and tools more widely accessible.
-
-Looking into the future, the switch to DevSecOps will be no more painful than the switch to agile development was. Firms have a lot to gain by acknowledging the [value of building security][4] into development workflows, as well as building upon the advantages of existing agile networks.
-
---------------------------------------------------------------------------------
-
-via: https://opensource.com/article/20/7/devsecops-vs-agile
-
-作者：[Sam Bocetta][a]
-选题：[lujun9972][b]
-译者：[译者ID](https://github.com/译者ID)
-校对：[校对者ID](https://github.com/校对者ID)
-
-本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
-
-[a]: https://opensource.com/users/sambocetta
-[b]: https://github.com/lujun9972
-[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/devops_confusion_wall_questions.png?itok=zLS7K2JG (Brick wall between two people, a developer and an operations manager)
-[2]: https://tech.gsa.gov/guides/understanding_differences_agile_devsecops/
-[3]: https://www.redhat.com/en/topics/devops/what-is-devsecops
-[4]: https://www.redhat.com/en/topics/security
-[5]: https://surfshark.com/blog/does-vpn-protect-you-from-hackers
-[6]: https://www.infoq.com/articles/evolve-devops-devsecops/
-[7]: https://enterprisersproject.com/article/2019/9/agile-project-management-explained
-[8]: https://www.governmentciomedia.com/defense-innovation-board-issues-guide-detecting-agile-bs
-[9]: https://www.redhat.com/en/solutions/financial-services
-[10]: https://www.military.com/daily-news/2020/02/25/dod-agency-suffers-data-breach-potentially-compromising-ssns.html
-[11]: https://fcw.com/articles/2020/01/23/dod-devsecops-guidance-williams.aspx
-[12]: https://privacyaustralia.net/privacy-tools/
-[13]: https://www.securitymagazine.com/articles/88301-cybersecurity-is-standard-business-practice-for-large-companies

translated/tech/20190624 Book Review- A Byte of Vim.md

@@ -1,100 +0,0 @@
-[#]: collector: (lujun9972)
-[#]: translator: (JonnieWayy)
-[#]: reviewer: ( )
-[#]: publisher: ( )
-[#]: url: ( )
-[#]: subject: (Book Review: A Byte of Vim)
-[#]: via: (https://itsfoss.com/book-review-a-byte-of-vim/)
-[#]: author: (John Paul https://itsfoss.com/author/john/)
-
-书评：A Byte of Vim
-======
-
-[Vim][1]是一个简单而又强大的文本编辑工具。大多数新用户都会被它吓倒，因为它不像常规的图形化文本编辑器那样“工作”。Vim“不寻常”的键盘快捷键让人很好奇[如何保存并退出Vim][2]. 但一旦你掌握了Vim，就不会再产生这样的问题了。
-
-网上有大量的[Vim资源][3]。我们也在It's FOSS上介绍了一些Vim技巧。除了线上资源，也有很多书致力于介绍这个编辑器。今天，我们要介绍的是一本旨在使Vim易于大多数用户理解的书。我们将讨论的书是[Swaroop C H][5]的[《A Byte of Vim》][4]。
-
-本书作者[Swaroop C H]已经在计算机领域工作了十余年。他曾在Yahoo和Adobe工作过。大学毕业后，他通过售卖Linux CD赚钱。他曾多次创业，包括一个名为ion的iPod充电器。他目前是[Helpshift][7] AI团队的工程经理。
-
-### A Byte of Vim
-
-![][8]
-
-和所有好书一样，《A Byte of Vim》从谈论什么是Vim开始：“一个用于写各类文本的电脑程序。”他继续说道，“Vim之所以与众不同，是因为它是为数不多的既简单又强大的软件之一。”
-
-在深入讲解如何使用Vim之前，Swaroop先告诉读者如何在Windows、Mac、Linux和BSD上安装Vim。安装完成后，他将进而指导读者完成如何启动Vim，以及如何创建第一个文件。
-
-接着，Swaroop讨论了Vim的不同模式，以及如何通过Vim的键盘快捷键在文档中浏览。接着是使用Vim编辑文档的基础知识，包括剪切/赋值/粘帖以及撤销/重做的Vim版本。
-
-在涵盖了编辑基础知识后，Swaroop讨论了使用Vim编辑单个文档的多个部分。读者也可以使用多个标签和窗口来同时编辑多个文档。
-
-[][9]
-
-推荐阅读  《Bring Your Old Computer Back to Life With 4MLinux》
-
-本书还涵盖了通过编写脚本和安装插件来扩展Vim的功能。在Vim中使用脚本有两种方法，一种是使用Vim的内置脚本语言，另一种是使用Python或Perl等编程语言来访问Vim的内核。可以编写或下载五种类型的Vim插件：vimrc，全局插件，文件类型插件，语法突出显示插件和编译器插件。
-
-在独立的部分中，Swaroop C H涵盖了使Vim更适合编程的特点。这些功能包括语法高亮、智能缩进、对Shell命令的支持、全能补全以及可用作IDE的功能。
-
-#### 获取《A Byte of Vim》一书并为之贡献
-
-《A Byte of Vim》由[Creative Commons 4.0][10]许可。读者可以在[作者的主页][4]上免费阅读其在线版本。您也可以免费下载其[PDF][11]、[Epub][12]或者[Mobi][13]版本。
-
-[免费获取《A Byte of Vim》][4]
-
-如果您更喜欢阅读[纸质版本][14]，你也可以选择该选项。
-
-请注意，** Vim字节的原始版本写于2008**，并转换为PDf。不幸的是，Swaroop CH丢失了原始源文件。他正在努力将该书转换为[Markdown][15]。如果您想提供帮助，请访问[图书的GitHub页面][16]。
-
-
-| 简介                                                                             | 产品                 | 价格         |
-| ---                                                                            | ---                  | ---          |
-| ![快速掌握Vim：立即从WTF到OMG][17] | [在Amazon上购买][21] | $34.00[][19] |
-
-#### 结语
-
-当我初次对着Vim生气时，我不知道该怎么办。我希望那时候我就知道《A Byte of Vim》这本书。对于任何学习Linux的人来说，这本书都是不错的资源，特别是当您开始学习命令行的时候。
-
-您读过Swaroop C H的[《A Byte of Vim》][4]吗？如果读过，您是如何找到它的？如果不是，那么您最喜欢关于开源主题的是哪本书？请在下方评论区告诉我们。
-
-[][21]
-
-推荐阅读  《Iridium Browser: A Browser for the Privacy Conscious》
-
-如果您觉得这篇文章有意思，请花上一分钟在社交媒体、Hacker News或[Reddit][22]上分享它。
-
---------------------------------------------------------------------------------
-
-via: https://itsfoss.com/book-review-a-byte-of-vim/
-
-作者：[John Paul][a]
-选题：[lujun9972][b]
-译者：[JonnieWayy](https://github.com/JonnieWayy)
-校对：[校对者ID](https://github.com/校对者ID)
-
-本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
-
-[a]: https://itsfoss.com/author/john/
-[b]: https://github.com/lujun9972
-[1]: https://www.vim.org/
-[2]: https://itsfoss.com/how-to-exit-vim/
-[3]: https://linuxhandbook.com/basic-vim-commands/
-[4]: https://vim.swaroopch.com/
-[5]: https://swaroopch.com/
-[6]: https://swaroopch.com/about/
-[7]: https://www.helpshift.com/
-[8]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2019/06/Byte-of-vim-book.png?resize=800%2C450&ssl=1
-[9]: https://itsfoss.com/4mlinux-review/
-[10]: https://creativecommons.org/licenses/by/4.0/
-[11]: https://www.gitbook.com/download/pdf/book/swaroopch/byte-of-vim
-[12]: https://www.gitbook.com/download/epub/book/swaroopch/byte-of-vim
-[13]: https://www.gitbook.com/download/mobi/book/swaroopch/byte-of-vim
-[14]: https://swaroopch.com/buybook/
-[15]: https://itsfoss.com/best-markdown-editors-linux/
-[16]: https://github.com/swaroopch/byte-of-vim#status-incomplete
-[17]: https://i2.wp.com/images-na.ssl-images-amazon.com/images/I/41itW8furUL._SL160_.jpg?ssl=1
-[18]: https://www.amazon.com/Mastering-Vim-Quickly-WTF-time/dp/1983325740?SubscriptionId=AKIAJ3N3QBK3ZHDGU54Q&tag=chmod7mediate-20&linkCode=xm2&camp=2025&creative=165953&creativeASIN=1983325740 (Mastering Vim Quickly: From WTF to OMG in no time)
-[19]: https://www.amazon.com/gp/prime/?tag=chmod7mediate-20 (Amazon Prime)
-[20]: https://www.amazon.com/Mastering-Vim-Quickly-WTF-time/dp/1983325740?SubscriptionId=AKIAJ3N3QBK3ZHDGU54Q&tag=chmod7mediate-20&linkCode=xm2&camp=2025&creative=165953&creativeASIN=1983325740 (Buy on Amazon)
-[21]: https://itsfoss.com/iridium-browser-review/
-[22]: http://reddit.com/r/linuxusersgroup

translated/tech/20200715 What-s the difference between DevSecOps and agile software development.md

@@ -0,0 +1,99 @@
+[#]: collector: (lujun9972)
+[#]: translator: (windgeek)
+[#]: reviewer: ( )
+[#]: publisher: ( )
+[#]: url: ( )
+[#]: subject: (What's the difference between DevSecOps and agile software development)
+[#]: via: (https://opensource.com/article/20/7/devsecops-vs-agile)
+[#]: author: (Sam Bocetta https://opensource.com/users/sambocetta)
+
+DevSecOps和敏捷软件开发有什么不同
+======
+你更专注于安全性还是软件发行，或者说你两者都很关注？
+
+![Brick wall between two people, a developer and an operations manager][1]
+
+技术社区中存在一种趋势，经常互换地使用DevSecOps和敏捷软件开发这两个术语。尽管它们有一些相似性，例如都旨在更容易地检测风险，但在改变团队的工作方式层面有很大不同。
+
+DevSecOps建立在敏捷开发建立的一些原则上。但是，DevSecOps特别专注于[集成安全功能][3]，而敏捷开发则专注于交付软件。
+
+知道如何保护你们的网站或应用程序免受勒索程序和其他威胁的侵害，实际上取决于你使用的软件和系统开发。这可能会影响您选择使用DevSecOps，敏捷开发还是两者兼而有之。
+
+
+
+### DevSecOps和敏捷软件开发的不同之处
+
+两者的主要区别可以归结为一个简单的概念：安全性。这取决于你的软件开发实践，你们公司的安全措施-以及何时，何地以及由谁实施，都可能会有很大不同。
+
+每个企业都[需要IT安全] [4]来保护其重要数据。如果企业真正重视IT安全，一般都会采取虚拟专用网（VPN）、数字证书、防火墙保护、多因子身份验证、安全的云存储，包括向员工介绍基本的网络安全措施。
+
+当你完全相信DevSecOps时，意味着可你正在保护公司的安全，并从本质上使其等同于持续集成和交付。 DevSecOps方法论在开发之初就强调安全性，并使其成为整体软件质量不可或缺的组成部分。
+
+基于DevSecOps安全性的三大原则：
+  * 平衡用户访问难易程度及数据安全性
+  * 使用[VPN]和SSL的[加密数据] [5]可防止数据在传输过程中受到入侵者的攻击
+  * 使用可以扫描新代码的安全漏洞并能通知开发人员该漏洞的工具来预测防范未来的风险
+
+尽管DevOps一直打算包含安全性，但并非每个实践DevOps的组织都牢记这一点。DevSecOps在DevOps的演进形式中，可以提供更加清晰的信息。尽管它们的名称相似，但这两个[不应混淆] [6]。在DevSecOps模型中，安全性是团队的主要驱动力。
+
+同时，敏捷开发更专注于迭代开发周期，这意味着反馈不断集成到持续的软件开发中。 [敏捷的关键原则] [7]是拥抱不断变化的环境，为客户和使用者提供竞争优势，让开发人员和利益相关者紧密合作，并在整个过程中始终保持技术卓越作为重点，用以提升效率。换句话说，除非敏捷团队在其定义中包括安全性，否则安全性在敏捷敏捷中算是事后思考。
+
+### 国防机构面临的挑战
+
+如果要说专门致力于最大程度地提高安全性的组织，美国国防部就是其中之一。在2018年，美国国防部发布了软件开发中的[伪造敏捷指南] [8]或“仅以名称命名的敏捷”指南。该指南旨在警告国防部高管有关编程不正确的问题，并说明如何发现它以避免风险。
+
+使用这些方法不仅可以使国防部受益。医疗保健和金融部门还[持有大量] [9]必须保证安全的敏感数据。
+
+国防部通过其现代化战略（包括采用DevSecOps）来改变防范形式至关重要。尤其在这个国防部容易受到黑客攻击和数据泄露的时代，这一点在2020年2月的[大规模数据泄露] [10]中已经得到了证明。
+
+将网络安全最佳实践转化为现实发展仍然还存在固有的风险。事情不可能100％完美地进行。最好的状况是稍微有点不舒服，最坏的情况下，它们可能会带来全新的风险。
+
+开发人员，尤其是那些为军事软件编写代码的开发人员，可能没有对DevSecOps的[所有上下文的理解] [11]都能有透彻的理解。学习曲线会很陡峭，但是为了获得更大的安全性，必须承受这些必不可少的痛苦。
+
+
+### 自动化时代的新模式
+
+为了解决对先前安全措施日益增长的担忧，国防部承包商已开始评估DevSecOps模型。关键是将方法论部署到持续的服务交付环境中。
+
+应对这个问题，出现了三个方向。第一种涉及到自动化，自动化已在大多数隐私和安全工具中[广泛使用][12]，包括VPN和增强隐私的移动操作系统。大型云基础架构中的自动化无需依赖于人为的检查和平衡，可以自动处持续维护和进行安全评估。
+
+第二种专注于对于过渡到DevSecOps很重要的安全检查点。而传统上，系统设计初期对于数据在各个组件之间移动时依旧可以访问是不做期望的。
+
+第三种也是最后一种涉及将公司方法用于军事软件开发。国防部的许多承包商和雇员来自商业领域，而不是军事领域。他们的背景为他们提供了为大型企业[提供网络安全] [13]的知识和经验，他们可以将其带入政府部门职位中。
+
+
+### 值得克服的挑战
+
+切换到基于DevSecOps的方法论也提出了一些挑战。在过去的十年中，许多组织已经完全重新设计了其开发的生命周期，以适应敏捷的开发实践，在不久之后进行再次切换看起来令人生畏。
+
+企业应该安下心来，因为即使国防部也遇到了这种过渡带来的麻烦，他们在应对推出新流程使得商业技术和工具广泛可用的挑战上并不孤独。
+
+展望一下未来，其实切换到DevSecOps不会比切换到敏捷开发更痛苦。而且通过将[创建安全性的价值] [4]添加到开发工作流程中，以及利用现有敏捷开发的优势，企业可以获得很多收益。
+
+
+--------------------------------------------------------------------------------
+
+via: https://opensource.com/article/20/7/devsecops-vs-agile
+
+作者：[Sam Bocetta][a]
+选题：[lujun9972][b]
+译者：[windgeek](https://github.com/windgeek)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]: https://opensource.com/users/sambocetta
+[b]: https://github.com/lujun9972
+[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/devops_confusion_wall_questions.png?itok=zLS7K2JG (Brick wall between two people, a developer and an operations manager)
+[2]: https://tech.gsa.gov/guides/understanding_differences_agile_devsecops/
+[3]: https://www.redhat.com/en/topics/devops/what-is-devsecops
+[4]: https://www.redhat.com/en/topics/security
+[5]: https://surfshark.com/blog/does-vpn-protect-you-from-hackers
+[6]: https://www.infoq.com/articles/evolve-devops-devsecops/
+[7]: https://enterprisersproject.com/article/2019/9/agile-project-management-explained
+[8]: https://www.governmentciomedia.com/defense-innovation-board-issues-guide-detecting-agile-bs
+[9]: https://www.redhat.com/en/solutions/financial-services
+[10]: https://www.military.com/daily-news/2020/02/25/dod-agency-suffers-data-breach-potentially-compromising-ssns.html
+[11]: https://fcw.com/articles/2020/01/23/dod-devsecops-guidance-williams.aspx
+[12]: https://privacyaustralia.net/privacy-tools/
+[13]: https://www.securitymagazine.com/articles/88301-cybersecurity-is-standard-business-practice-for-large-companies