Shall We Play a Coordination Game?
2 days ago
- #cooperation
- #security
- #devops
- Security should be treated as a business enabler: its purpose should align with software delivery performance, and it should cooperate with DevOps.
- The relationship between security and DevOps is often adversarial, but can be understood through game theory as a coordination game with information asymmetry.
- Moral hazard arises when one party increases risk exposure because they are protected from the impact, potentially affecting both security and DevOps.
- Team reasoning emphasizes collective goals over individual interests, fostering cooperation by shifting focus to group identity and shared objectives.
- Using a hybrid of outcome and process accountability balances flexibility and adherence to standards, encouraging innovation while ensuring justification.
- Goals should be framed as complementary rather than conflicting to avoid perception issues and leverage concurrent goal pursuit effectively.
- Tools and practices that serve both security and DevOps can be highlighted with objective information to counteract dilution of instrumentality effects.
- Publicizing joint goals and rewards, along with emphasizing group salience, can improve coordination between security and DevOps teams.