DevSecOps Will Ensure That Time-to-Market and Security Don't Clash

According to a recent survey by Veracode, 52% of developers worry that application security will delay development and threaten deadlines. This is a huge percentage, especially considering how crucial finding, fixing and preventing security vulnerabilities is to any development effort.

Any way you look at it, ensuring that quality code is also secure is complex. Traditionally, security vulnerabilities surfacing during design, development, deployment, upgrade, or maintenance were mitigated via:

  • Design review – involves creating a threat model of the application, usually together with a spec or design document, even before the code is created.
  • Tooling – using automated tools can lower human overhead, but you need to beware of false positives.
  • Blackbox audit – involves security testing through another application.
  • Whitebox review – manual review of source code by a qualified engineer.

Each of these techniques has its advantages, and each involves varying levels of time, effort, and cost – especially time. It’s exactly these types of before-the-fact or after-the-fact security reviews that developers fear – especially when time to market can make or break a project.

Read the full blog post here.

More articles by Rani Osnat
