The move by organizations to DevOps and other rapid development and deployment methodologies has challenged security. The old model of a separate application security team with exclusive responsibility to identify and prioritize vulnerabilities simply does not work in today’s environment. The need to release code quickly — and securely — requires a different approach.
“Shifting left” is a good goal. However, scarce security resources and the bottlenecks created by security testing are not compatible with the need for rapid time to market. Developers must take the lead for security in this new approach.