A Better Way to Develop Software Security: Go Fast and Stay Safe

March 13, 2020 Michael Pittenger

The requirement for software security is putting greater demands on organizations. Security initiatives often start modestly, perhaps by hiring external pen testers to find security issues in a web application. As security programs mature, the security toolbox grows and can include static analysis (SAST) tools and services that scan code earlier in the Software Development Lifecycle (SDLC), Source Composition Analysis (SCA) scanners that identify open source components with known vulnerabilities, and Interactive Analysis (IAST) that identifies vulnerabilities during normal functional testing.

While these tools will certainly find vulnerabilities, they can also meet resistance from development teams that are under pressure to deliver specific functionality by a specific date. It’s not that developers don’t care about security; nobody wants to build software that can be hacked. Instead, the concern is that these tools slow down development in an environment where going fast is valued.

The reason these tools slow down developers is that, in many organizations, they are the sole method of identifying vulnerabilities, and they only find them after the code is committed. Developers want to prevent bugs – not find them later.

There is a better way. Smart security teams are working with engineering to go fast and stay safe by anticipating threats and building controls to mitigate risk into the code. You can learn more about this by reading our article titled "Why scanning your code is not enough".
