How Zhongtai Securities Achieved Advanced DevSecOps Maturity

Large enterprises have found that standardization and tool empowerment are key to success. The DevOps standards and the DevOps continuous delivery pipeline platform can significantly improve quality and efficiency, enhancing market competitiveness.

Recent Evaluation Announcement

On December 26, the China Academy of Information and Communications Technology (CAICT) announced the latest batch of DevOps and AIOps standard assessment results.

Zhongtai Securities Case

Zhongtai Securities participated in the assessment with its Online Business Processing System, which passed the Level 2 assessment of the DevSecOps security delivery and operation module, indicating an advanced domestic level.

To date, Zhongtai Securities has passed six CAICT DevOps standard assessments: one for continuous delivery, two for system and tool standards, and three for DevSecOps.

Interview Highlights

Interview with He Bo, Director of the FinTech Committee, and Dong Hongtao, Head of IT Management, reveals the following:

Adopting DevSecOps has integrated security throughout the development, delivery, and operation processes, providing clear guidance and best‑practice references.

Security culture, left‑shift of security requirements, and automation tools (SCA, IAST, DAST, SAST) have reduced vulnerability detection time and improved delivery efficiency.

Standard assessment helped refine security policies, embed them into the DevOps pipeline, and identify over 98% of vulnerabilities before release.

Implementation of DevSecOps has shortened development cycles (SAST 10‑20 min, DAST <30 min) and reduced operational risk.

Methodology

The company follows the R&D Operations Integration (DevOps) Capability Maturity Model, using it to benchmark against industry standards and guide its DevSecOps roadmap.

Future Plans

Zhongtai Securities will continue to improve its security‑by‑design approach, expand the DevSecOps toolchain, and further mature its capabilities.