It’s right there in the moniker: DevSecOps , a portmanteau of Development, Security and Operations, implies introducing security early on – as a part of a comprehensive, agile Software Development Life Cycle (SDLC) used by your organization, rather than doing so iteratively or waiting until after a release.
Given how security breaches and vulnerabilities have become everyday news, it makes little sense for developers to ignore the seriousness of secure coding anymore. Here’s a little secret though: developers are often not the most security-oriented folks for obvious reasons. It is not their primary duty. The priority for a software developer is to build an app, have it carry-out the intended tasks nicely and perhaps account for the overall user experience (UX) and satisfaction. If they are being diligent, they may incorporate basic ‘security checks’ as a part of their coding processes – such as not blindly trusting user input and sanitizing it, but beyond that, a developer may not alone have adequate bandwidth or expertise to incorporate the most superior security checks in an app.
A moment of honesty: despite working in DevSecOps for Sonatype I did not understand upfront what the buzzword meant for quite some time. I often questioned myself, “where does the benefit lie for organizations in this? Is this all a marketing fad?”
Over time, I have observed a trend and upward push in the industry to implement some sort of inherent ‘security’ as a part of their development workflow and here are the 5 benefits that immediately come to mind.
1. Spot vulnerabilities and bugs early on
While a developer may do their due diligence with regards to implementing basic-level security checks, nobody can know in this vast open-source ecosystem with millions of repositories, as stated by GitHub, how many software (Read more...)
*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Akshay 'Ax' Sharma. Read the original post at: https://blog.sonatype.com/5-practical-ways-your-organization-benefits-from-devsecops