Shift Left… it’s a term used almost ubiquitously across application security, both by security practitioners implementing programs, regardless of scale, and by just about every vendor selling an application security solution.
The idea that it’s faster, cheaper, and often easier to fix a security flaw when the code is being created, as opposed to later in the software development lifecycle (SDLC), is widely accepted within the AppSec community. It only makes sense that we’ve moved towards using tools that identify risks earlier in the development process so developers can correct those issues immediately. But if this revolutionary philosophical change is being adopted en masse, why aren’t we seeing a giant reduction in application security issues across the threat spectrum?
The post Rethinking shift left: How a lack of context creates unnecessary friction between AppSec and Developers appeared first on Security Boulevard.