
Reduce Friction between Developers & AppSec Teams

Successful organizations will make the shift to a developer-first approach to application security and find ways to increase collaboration between development and security personnel.

The old adage that ‘software is eating the world’ has never been more relevant than in today’s economic environment. Businesses of all sizes are rapidly developing software solutions to meet the increasing demand for a ‘digital-first relationship’ with their clients. Recent reports state that nearly 250 million applications were downloaded daily during 2019-2020, with a further increase expected in the coming years.

These market dynamics create both challenges and opportunities for the security leaders and AppSec teams responsible for secure software development. Successful organizations will make the shift to a developer-first approach to application security and find ways to increase collaboration between development and security personnel.

According to a recent study, the main reasons for friction between developers and security practitioners are:

  • Security feedback lagging the development process.
  • Too many unactionable alerts.
  • The bottleneck caused by the need for manual review of scan results.

Many AppSec teams have taken initial steps towards integrating their efforts into developer workflows; however, there is more work to be done to ensure that security activities are viewed as an enabler that helps developers build secure software faster to meet business demands.

Here are a few tips to securely operate at the pace of modern development:

  1. Establish mutual program goals, metrics, and cadence of communications at the executive level.
  2. Cross-train security and developers to increase collaboration via common languages and processes.
  3. Assign security personnel to the development projects in order to limit the misalignment.
  4. Integrate automated security checks throughout the SDLC to keep up with release cycles.
  5. Communicate remediated AppSec issues directly into the development tools (GitHub, GitLab, etc.).
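To make tips 4 and 5 concrete, here is an added example of the kind of CI gating step that implements them; it is not Phylum's code and the scanner output format, the policy fields (severity, reachable, fixed_in) and the package names are all constructed for illustration. The policy it encodes addresses the three friction points above directly: only findings a developer can act on right now (at or above the threshold, reachable from the code, and with a fixed version available) fail the build; reachable issues with no fix are tracked rather than blocking; everything else is reported as informational. The result is rendered as a Markdown comment so it can be posted straight onto the pull request in GitHub or GitLab instead of waiting for a manual review of the raw scan report.

```python
"""Added example (not Phylum's code): a small gating policy for automated
dependency-scan results in a CI pipeline.

The JSON shape below is constructed for this example. Real scanners
(npm audit, pip-audit, cargo audit, ...) each emit their own format, so
load_findings() would be adapted to the tool actually in use.
"""
import json
import sys

# Severity ordering used by the policy (assumed scale, not any tool's own).
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample scan output: what a scanner might report for one PR.
SAMPLE_SCAN_JSON = json.dumps([
    {"id": "EXAMPLE-0001", "package": "example-parser", "version": "1.2.0",
     "severity": "critical", "fixed_in": "1.2.1", "reachable": True},
    {"id": "EXAMPLE-0002", "package": "example-logger", "version": "3.0.4",
     "severity": "high", "fixed_in": None, "reachable": True},
    {"id": "EXAMPLE-0003", "package": "example-dev-tool", "version": "0.9.0",
     "severity": "high", "fixed_in": "0.9.2", "reachable": False},
    {"id": "EXAMPLE-0004", "package": "example-utils", "version": "2.1.0",
     "severity": "low", "fixed_in": "2.1.1", "reachable": True},
])


def load_findings(raw_json):
    """Parse scanner output into a list of finding dicts."""
    return json.loads(raw_json)


def triage(findings, threshold="high"):
    """Sort findings into three buckets according to the gating policy.

    block:     at/above threshold, reachable, and a fixed version exists.
               The developer can act on it now, so the merge is blocked.
    fix_later: at/above threshold and reachable, but no fix is available.
               Tracked as a ticket rather than blocking the developer.
    info:      below threshold or not reachable from the application code.
    """
    min_rank = SEVERITY_RANK[threshold]
    buckets = {"block": [], "fix_later": [], "info": []}
    for finding in findings:
        rank = SEVERITY_RANK.get(finding.get("severity", "low"), 1)
        relevant = rank >= min_rank and finding.get("reachable", False)
        if relevant and finding.get("fixed_in"):
            buckets["block"].append(finding)
        elif relevant:
            buckets["fix_later"].append(finding)
        else:
            buckets["info"].append(finding)
    return buckets


def should_block_merge(buckets):
    """The build fails only when there is something actionable to fix."""
    return bool(buckets["block"])


def render_pr_comment(buckets):
    """Render the triage result as Markdown for a PR / merge-request comment."""
    lines = ["## Dependency scan summary", ""]
    if buckets["block"]:
        lines.append("### Blocking (upgrade required before merge)")
        for f in buckets["block"]:
            lines.append(f"- {f['id']}: {f['package']} {f['version']} "
                         f"({f['severity']}) -> upgrade to {f['fixed_in']}")
        lines.append("")
    if buckets["fix_later"]:
        lines.append("### Tracked (no fix available yet)")
        for f in buckets["fix_later"]:
            lines.append(f"- {f['id']}: {f['package']} {f['version']} "
                         f"({f['severity']})")
        lines.append("")
    lines.append(f"{len(buckets['info'])} informational finding(s) "
                 "not shown (below threshold or unreachable).")
    return "\n".join(lines)


if __name__ == "__main__":
    result = triage(load_findings(SAMPLE_SCAN_JSON), threshold="high")
    print(render_pr_comment(result))
    # Non-zero exit fails the CI job only when a developer can act on it.
    sys.exit(1 if should_block_merge(result) else 0)
```

The threshold and the reachability rule are deliberately policy inputs rather than hard-coded, so the security team and the development leads can agree on them as part of the shared program goals in tip 1 and adjust them per repository without changing the pipeline.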

To learn more about Phylum’s automated approach to modern application security by empowering developers with actionable insights, contact us for a conversation.
