Shifting Left Is a Lie… Sort of

by Tim Erlin on March 6, 2019

It would be hard to be involved in technology in any way and not see the dramatic upward trend in DevOps adoption.

In its January 2019 publication “Five Key Trends To Benchmark DevOps Progress,” Forrester Research found that 56 percent of firms were ‘implementing, implemented or expanding’ DevOps. Further, 51 percent of adopters have embraced DevOps for either all new or all applications. Clearly, DevOps adoption is here and growing. As with any significant technology development, however, security is an important and oftentimes secondary consideration for many organizations. Some even view it as an obstacle to adoption for a period of time.

We’ve seen this pattern before with virtualization, and we’re still seeing it with cloud. Where are we with security and DevOps, then?

Tripwire recently conducted a survey in order to better understand the current status of security and DevOps.

The results showed that a vast majority of respondents (94 percent) are concerned about container security, with the highest percentages lacking knowledge (54 percent), visibility (52 percent) and the ability to assess containers prior to deployment (43 percent). And the concern isn’t unfounded. Sixty percent of respondents have had container security incidents in the last year. So while adoption continues to grow, security is a big issue for DevOps, especially for containers.

The resounding solution being promoted in the market is to ‘shift left.’ That is to say, move the application of security controls from the Ops side of the DevOps lifecycle to the Dev side. After all, identifying and addressing security findings prior to deployment is always better than in production. There’s nothing wrong with this statement. It’s accurate. But there are lies to be uncovered in this mantra of ‘shift left.’

Lie #1: Ops security isn’t really important if you shift left

It’s (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tim Erlin. Read the original post at: https://www.tripwire.com/state-of-security/devops/shifting-left-lie-sort/
