Dev is Prod
Everyone’s shifting left
It seems like everybody is shifting to CI/CD. Hopefully, they are involving security (‘shifting left’ on security), and security is engaging.
Discussions around security and CI/CD focus on security of the product under development, rather than details of the development tooling.
DevSecOps focuses on mitigating bugs and security problems early in the development lifecycle at best, and on vulnerability scanning of container artifacts as part of a deployment pipeline at worst (which is still a net positive step). The data shows that shifting security left in this fashion has a solidly positive impact for organizations [2].