In Modern AppSec, DevSecOps Demands Cultural Change

As creative as we can be on the development side, we must acknowledge the creativity and technical sophistication of our adversaries. The reality is that attackers are innovative, constantly finding new ways to launch attacks that yield greater rewards for less effort.


Many organizations continue to defend against attacks using status-quo security solutions maintained by IT and security departments that haven’t innovated. In those organizations, teams are siloed, which slows development, reduces software quality, and increases the risk of a major security event.


A shocking 29 percent of CEOs and chief information security officers (CISOs), along with 40 percent of chief security officers (CSOs), say their organizations are unprepared to deal with impacts from the ever-evolving threat landscape, pointing to factors such as increased supply chain complexity, the fast pace of digital innovation, and lack of executive support.


Modern application programs need a security culture that promotes collaboration between these teams. The organizational structure for developers and security teams needs to reflect that they are working together to accomplish a well-defined set of goals, and everyone needs to be on the same page about what’s required.


This is especially important given the many challenges faced by IT and security teams, including dramatically increased complexity in software supply chains. Today’s software development pipelines are more complicated and automated, relying more heavily on third parties within the software development lifecycle (SDLC), which means there are more systems and more infrastructure to safeguard. Likewise, these changes have created a much larger and constantly changing attack surface for which application security (AppSec) teams are responsible.


The only way for organizations to overcome these challenges and ensure application resilience is to create a robust DevSecOps environment. In this collaborative environment, teams can work out the best way to balance resources and ensure that critical security issues are addressed. Successful DevSecOps teams have a shared-responsibility mindset regarding security across the organization, and that mindset is backed by executive leadership. It’s an environment built on effective communication, with strong feedback loops, and promoted by security champions from throughout the organization.


Keep reading >>> go.mend.io/3QB3TdO
