Shifting security further left: DevSecOps becoming SecDevOps

2021-12-20 05:30

Pressure on developers to build and deploy software quicker than ever has precipitated the shift to DevSecOps - integrating Development, Security, and Operations to make Application Security an integral part of the software lifecycle.

"The rise of automation and componentization in software development has driven a sharp increase in the speed and automation of software security as businesses look to AI and machine learning for flaw identification, threat modeling, and remediation," said Chris Wysopal, CTO at Veracode.

"We've already seen DevSecOps grow rapidly in maturity and now there's an opportunity to shift security even further left into the design phase to become SecDevOps."

With the rising cost and complexity of modern software development practices, businesses will increasingly require a comprehensive, fully integrated security platform with fewer disparate tools.

This shifts security even further left so that DevSecOps now becomes SecDevOps ensuring software is 'secure by design'.

Given the speed with which software vulnerabilities can develop, demonstrated as recently as the zero-day vulnerability in Log4j 2.x that is still being exploited, the criticality of continuous security and shifting even further left cannot be underestimated.

News URL

https://www.helpnetsecurity.com/2021/12/20/cybersecurity-software-development/

#devsecops #security