How to make developers love security

2023-06-07 05:00

In my last post I discussed how developers can be your security secret weapon but how to help them love doing security work? That's a whole other challenge!

Developers giving security the cold shoulder isn't just a myth: Industry surveys have repeatedly shown that engineers try to avoid security work, while security teams become frustrated at engineers' lack of action.

A "Pipelineless" approach to security allows you to easily establish and maintain 100% security scanning from day one and it opens the door to run security workflows earlier and more frequently.

In contrast to traditional security tools, pipelineless security should drive an increase in development velocity because you've eliminated the need for code changes in the pipeline as well as indiscriminate security to-do's in favor of security findings being sent directly to the appropriate person best equipped to solve the security issue quickly.

As we've discussed, traditional security tools will often push security vulnerabilities into a security backlog that has broad visibility across the development organization.

Success in this area is dependent on clear communication of what security and developers are each responsible for, but also of what security can automate on behalf of developers.

News URL

https://www.helpnetsecurity.com/2023/06/07/developers-security-tasks/

#developer #security