Incentivizing Developers is the Key to Better Security Practices

2021-10-05 07:41

AppSec teams were disliked by most developers because they would often send completed applications back into development to apply security patches or to rewrite code to remediate vulnerabilities.

The companies of today want the security offered by DevSecOps sadly, have been slow to reward developers who answer that call.

Within such a system, developers who take the time to learn about security and secure their code could actually be losing out on better performance reviews and lucrative bonuses that their less-security-aware colleagues continue to earn.

Some very skilled developers have decades of experience coding, but very little when it comes to security after all, it was never required of them.

The principle of JiT is that developers are served the right knowledge at just the right time, for example, if a JiT developer training tool detects that a programmer is creating an insecure piece of code, or is accidentally introducing a vulnerability into their application, it can activate and show the developer how they could fix that problem, and how to write more secure code to perform that same function in the future.

Want to put your security skills to the test against other developers all over the world? Check out Secure Code Warrior's Devlympics 2021, and you could take out a major prize in our global tournaments!

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/5zZ7T82tKAM/incentivizing-developers-is-key-to.html

#developer #security