An organization may have made the great leap of integrating previously siloed teams in its software development and deployment processes by adopting DevOps practices. Yet even where that is the case, for some security teams the integration of security into code and processes is similar to a tennis match: the developers add the code, which is then volleyed over to the security team, which sends the now-secured code back to the developers, who then send it back to security again for a final check. Or worse still, the security team does not give its input until just before deployment, creating potential bottlenecks when getting the security right takes longer than expected. (And even worse still, of course, apps are shipped with glaring security holes and are only patched after a major breach.)
Call it an example of DevOps growing pains if you will, but the need very often exists for security to “shift left” in continuous integration/continuous delivery (CI/CD) processes, Sonya Koptyev, director of evangelism at Twistlock, said in this episode of The New Stack Makers podcast hosted by Alex Williams, founder and editor-in-chief of The New Stack.