The speed and scope of software development today are creating new challenges in ensuring the security of software. But they also create the opportunity to finally get application security right. Both the challenge and the opportunity stem, in part, from the fact that security is “shifting left.” The responsibility for ensuring the stability and security of software through production and customer usage is moving earlier in the cycle to include developers. This shift means security can get baked into code earlier, greatly increasing the chance of producing secure code without costly late-stage fixes.
But it also means a higher level of developer involvement in security, and often some work by the security team to get developers on board with the initiative. To ensure the success of your application security initiative, it’s essential to work closely with your developers so they understand the guidelines, strategies, policies, procedures and security risks involved with application security. What’s more, they must be prepared and equipped to operate securely within their particular development processes. Ryan O’Boyle, product security architect at CA Veracode, recently recorded a quick “chalkboard” video where he outlines our top 5 ways to get developer application security buy-in. Listen to Ryan as he walks you through:
Way No. 1: Timing: Bring in developers early in the planning process.
Way No. 2: Understanding: Learn about developers’ priorities and processes.
Way No. 3: Training: Most developers have no training on secure coding practices.
Way No. 4: Integrating: Work to integrate application security into existing developer tools and processes.
Way No. 5: Automating: Build tests into the pipeline through automation.
Watch Ryan’s short video to get all the details on these five tactics, and set yourself up for AppSec success.
This is a Security Bloggers Network syndicated blog post authored by email@example.com (sciccone). Read the original post at: RSS | Veracode Blog