
Reduce Friction between Developers & AppSec Teams

Successful organizations will make the shift to a developer-first approach to application security and find ways to increase collaboration between development and security personnel.

Published on

Mar 22, 2022

Written by

Peter Morgan, President

Category

How-Tos


The old adage that ‘software is eating the world’ has never been more relevant than in today’s economic environment. Businesses of all sizes are rapidly developing software solutions to meet the increasing demand for a ‘digital-first relationship’ with their clients. Recent reports state that nearly 250 million applications were downloaded daily during 2019-2020, with further increases expected in the coming years.

These market dynamics create both challenges and opportunities for the security leaders and AppSec teams responsible for secure software development. Successful organizations will make the shift to a developer-first approach to application security and find ways to increase collaboration between development and security personnel.

According to a recent study, the main reasons for friction between developers and security practitioners are:

  • Security feedback lagging the development process.
  • Too many unactionable alerts.
  • The bottleneck caused by the need for manual review of scan results.

Many AppSec teams have taken initial steps towards integrating their efforts into developer workflows. However, there is more work to be done to ensure that security activities are viewed as an enabler that helps developers build secure software faster to meet business demands.

Here are a few tips to securely operate at the pace of modern development:

  1. Establish mutual program goals, metrics, and cadence of communications at the executive level.
  2. Cross-train security and developers to increase collaboration via common languages and processes.
  3. Assign security personnel to development projects to limit misalignment.
  4. Integrate automated security checks throughout the SDLC to keep up with release cycles.
  5. Communicate remediated AppSec issues directly into the development tools (GitHub, GitLab, etc.).

To learn more about Phylum’s automated approach to modern application security by empowering developers with actionable insights, contact us for a conversation.
