Blinded by the Tooling
March 28, 2019
DevSecOps (also referred to as shifting-left) is the practice of training and empowering the engineering team to identify and fix security defects earlier in the development process. Typically security assessments (penetration tests) are performed just before a code release is due to be deployed into production. This is not very agile and any serious issues found can disrupt delivery roadmaps. By adopting DevSecOps fewer issues are expected to be found during regular security assessments, meaning any remedial work should be easier and cheaper to implement. If your organisation is pursuing DevSecOps, great stuff.