DevSecOps: How to Bridge Development and Security
05.05.2021
Martin Knobloch
The role of a chief information security officer (CISO) is fraught with contradictions. Keep corporate infrastructure secure, but do not slow down the business. Work with developers to create more secure code, but do not delay development. Often under-resourced, CISOs struggle to keep up with the day-to-day demands of common security issues that threaten the business. The rise of continuous integration and continuous deployment (CI/CD) and developer-centric development processes like DevOps only adds to their burden, writes Martin Knobloch, global AppSec strategist at Micro Focus, in TechBeacon.
Development teams feel squeezed by increasing demands for faster software delivery—i.e., faster time to market—while also being forced to be more flexible with business requirements, including testing. They have to adhere to arcane security requirements and work with reports containing cryptic vulnerability descriptions, making their jobs even more difficult. Security also often becomes a source of conflict, for example when developers have to wait weeks for security approval or when external penetration tests disrupt development and planning.
At first glance, these conflicts may seem inevitable and insurmountable. Let's look at how to build bridges in your organization to improve cyber resilience.
Ignorance and misconceptions
Very few application security professionals come from a software development background, and very few CISOs have software development experience. At most, their experience may come from small projects in college or scripting in their spare time.