For years, application security has been delegated to specialized teams working at the end of the development chain, but several recent developments have begun pushing security into the laps of developers.
The concept of “developer-first security” is being stirred by a cocktail of concerns, including demand by customers for more secure apps, compliance requirements by regulators, adoption of agile computing by organizations, and introduction of friendlier testing tools. “The earlier we can push security-related activities into the software development life cycle, the payoff for that will be huge,” said Amit Sethi, principal consultant for mobile security at Cigital, an application and software security consulting company.
“If you’re finding and fixing problems earlier in the software development life cycle, it’s cheaper to fix those problems,” Sethi added. “When you’re finding bugs in code, the earlier you find them the better off you are because you create fewer side effects when you fix them.”