DevSecOps Must Break AppSec’s Sisyphean Curse

The modern security landscape is one of ever-evolving threats and challenges. Modern software engineers, Ops, IT infra, and SecOps often feel like Sisyphus. Every day we push a boulder to the top of a hill, only for it to roll back down so that we start again. Every day we send out security patches and apply vendor patches, only to find out that tomorrow is always 0-Day and more issues will arise. Our sand castles forever wash away. This dejection leads to the normalization of security breaches, which is not what a responsible organization would want. The struggle we find ourselves in as an industry has no light at the end of the tunnel. We are taught there isn’t one, because in fact there is not.

The issue is fundamental, ideological if you will. We react to security issues. We may plan, and we may test our plans (and one should), but we fundamentally react. No matter how good you are under pressure, you are certainly worse when you are reacting to events. You are off balance and off guard. So our actions, while a best effort, and even while according to the plan, may not be...