
Reduce Friction between Developers & AppSec Teams

Successful organizations will make the shift to a developer-first approach to application security and find ways to increase collaboration between development and security personnel.

Published on Mar 22, 2022

Written by Peter Morgan, President

Category: How-Tos

The old adage that ‘software is eating the world’ has never been more relevant than in today’s economic environment. Businesses of all sizes are rapidly developing software solutions to meet the increasing demand for a ‘digital-first relationship’ with their clients. Recent reports state that nearly 250 million applications were downloaded daily during 2019-2020, with an increase expected in the coming years.

These market dynamics create both challenges and opportunities for the security leaders and AppSec teams responsible for secure software development. Successful organizations will make the shift to a developer-first approach to application security and find ways to increase collaboration between development and security personnel.

According to a recent study, the main reasons for friction between developers and security practitioners are:

  • Security feedback lagging behind the development process.
  • Too many unactionable alerts.
  • The bottleneck caused by the need for manual review of scan results.

Many AppSec teams have taken initial steps towards integrating their efforts into developer workflows; however, there is more work to be done to ensure that security activities are viewed as an enabler that helps developers build secure software faster to meet business demands.

Here are a few tips to securely operate at the pace of modern development:

  1. Establish mutual program goals, metrics, and cadence of communications at the executive level.
  2. Cross-train security and developers to increase collaboration via common languages and processes.
  3. Assign security personnel to the development projects in order to limit the misalignment.
  4. Integrate automated security checks throughout the SDLC to keep up with release cycles.
  5. Communicate AppSec issues and their remediation directly in the development tools (GitHub, GitLab, etc.).

To learn more about Phylum’s automated approach to modern application security by empowering developers with actionable insights, contact us for a conversation.
