Why Security Should Be Integrated into the Development Platform

[rakhirhif8963]

27.10.2023
Security must be considered an integrated and ongoing component of the application development and delivery process, writes James Sanders, principal analyst for cloud and infrastructure at CCS Insight, on The New Stack.

Software development as a discipline is inherently heuristic. This makes it periodically subject to the influence of social and management trends.

Practices like DevOps, Agile, and test-driven development have permeated startups and enterprises alike, as have other technological advances including cloud-native computing, event-driven architectures, and full-stack observability. These practices aim to improve software reliability and reduce developer effort, but achieving these albania mobile database comes with tradeoffs.

Security is an old topic, and as we know, maintaining an established corporate security system can conflict with creating a smooth application development and delivery process. However, it doesn’t have to be that way. Security should be considered an integrated and continuous component of the application development and delivery process.

Unsafe code comes before (and should come before) safe code.
Software problems typically fall into two categories: functionality or security. When building new applications, functionality and bug fixing take precedence over security. It is clear that most organizations incentivize measurable metrics like functionality over invisible attributes (like the absence of vulnerabilities). The problem is the role-based approach: developers are not inherently security experts; the development workflow is poorly suited to testing and validating security.