Developers play a bigger role in security

As companies shift their businesses to engage customers online, developers are becoming the center of innovation. As a result, these companies form teams around developers as they build DevOps and DevSecOps practices, and security and operational components move along with them as they build new features rapidly.

However, development and security have traditionally been in conflict. Development is about moving rapidly to innovate, while security is about managing risk for the organization, which takes time. As development teams gained greater influence within the business, security leaders needed to change their mindset and find new ways to talk to developers.

Eric Swenson, vice president of product marketing for security solution provider Checkmarx, said that security should enable secure development, go beyond the stigma of the “no division”, and work on mitigating risk.

A few years ago, Swenson said: “I had a conversation with a friend who was a security architect for an online streaming company. I disputed his notion that security could be a gate or blocker. At some point he told me he wanted to shut down the website to prevent all sorts of data breaches and disruptions in business operations. And I said, ‘It’s interesting, but because of security risks, please contact the CEO and tell them to shut down the website. You may be moving to limit your career.’”

DevOps (and DevSecOps) requires you to move security planning and testing into software development. The application is built in small pieces that move through the CI/CD pipeline and are deployed to containers. Some teams work only on the front end of the application, others only on the back end, and others on integration. For this reason, security must be considered throughout the development life cycle, rather than waiting until the application is running in production. Waiting that long increases the cost of fixing vulnerabilities and slows innovation.

“Developers check in and check out some of their applications, add features, and check in to a central repository as they progress through the development process. Developers are critical as early as possible in this process. Scanning for vulnerabilities provides an opportunity for shared ownership to protect your application,” Swenson explained.

Also, because applications are built from small services and components, it makes sense for the developers who create them to own everything, including security tests.

“For organizations that have adopted the DevOps philosophy for application development, part of that philosophy is to enable developers to use the tools and technologies they need to act quickly and innovate. We need to shift our approach to a more consultative role with developers,” he said. “If you’re really thinking about the entire software development life cycle, it’s definitely an evolving process. Traditionally, the hard labor role of security has been to educate and guide development towards safe development best practices. We need to evolve.”
