The shift to DevOps and DevSecOps has already happened, it’s only a question of when we all catch up. Organizations in all industries are creating software not only faster, but also more precise, collaborative, and incremental ways than ever before. In fact, we’ve seen the shift in our own customer base, where the percentage of applications scanned for security on a weekly basis jumped 50 percent last year. And this shift casts a wide net, affecting everything from policies to training and tools. In turn, DevSecOps has a major implications for the development professional’s role in securing the software development process. With security’s shift left, and into the hands of the developer, the security team is no longer responsible for conducting security testing, but for enabling developers. Get a handle on this shift and what it means for you by attending our Virtual Summit, Assembling the Pieces of the DevSecOps Puzzle, on February 28. You’ll get practical tips and advice on a developer’s role in a DevSecOps world, including:
Shifting Left with Integrations
You may feel like you play a small or even no role in choosing and implementing security testing tools. But thanks to recent trends, any security tools that do not integrate seamlessly with current developer processes and workflows will be seen as disruptive and slow. Do you know who in your organization is choosing which tools are used? Developers can proactively champion tools that will work with the technology they’re already using to gain valuable synergy with Security teams and ensure all code is secured as early in the lifecycle as possible. This session will help you understand how, where, and when application security fits into a modern development organization.
Avoid Release Slowdowns with Security Champions
DevSecOps is about speed and precision, yet security is often seen by development managers as a training burden or blocking issue. There just aren’t enough security experts to go around. But how do you support all of the development teams? What if I told you that through careful selection and good training it is possible to build your own army from the very people who own the development process? Attend this session to learn dos and don’ts from someone that has done it before.
Why Developer Security Training is Worth Doing and How it Can Be Implemented
Most developers have little to no formal security training, in fact – less than one in four were required to take a single college course on security. But Veracode scan data shows that developer training can have a significant impact on code quality, with eLearning leading to a 19% improvement in fix rates and Remediation Coaching improving fix rates by 88%. In this session you’ll get actionable advice from our own VP of Engineering on how to boost your own developers’ secure coding skills.
Make Security a Skill in Your Set: Attend our upcoming Virtual Summit to hear practical tips and advice on these topics and more from experts who have been, or are, practitioners – they’ve been there, and have invaluable insights and experience to share.
Sessions cover topics such as:
- How to tweak application security policies to not slow DevOps.
- Why security champions are important and how to develop them.
- The role of developer security training in DevOps and best practices for implementing it.
- How to shift security left by integrating security tools into existing tools and processes.
This is a Security Bloggers Network syndicated blog post authored by Neil@veracode.com (Neil). Read the original post at: RSS | Veracode Blog