Security departments used to have the primary responsibility to ensure security goals, but as the pace of development has increased, organizations have shifted security left, which puts some of this responsibility on developers. Proper educational opportunities, a culture shift towards embracing security, and effective use of tooling where it actually counts are the primary ways … continue reading
As software becomes more sophisticated, the need for a security culture in organizations becomes more urgent. However, organizations’ security teams rarely have the necessary resources and expertise to support developers. In fact, the BSIMM 2016 survey indicates that for every 245 software engineers, there is 1 security expert. Not only do organizations lack the resources … continue reading
A DevSecOps strategy won’t work if developers haven’t bought into the movement. CA Veracode held a virtual summit on Assembling the Pieces of the DevSecOps Puzzle yesterday to talk about the importance of developer security training in a DevOps environment. According to Sonali Shah, VP of product management and marketing for CA Veracode, while the … continue reading