DevSecOps Practices to Maintain Developer Velocity
By introducing a culture of security into DevOps environments, DevSecOps is designed to address security risks early and consistently. According to the SANS 2023 DevSecOps survey, DevSecOps is a business-critical practice and risk management concern in all organizations focused on software development. The importance of DevSecOps can also be seen in the Synopsys “2023 Global State of DevSecOps” report, in which over 90% of 1,000 IT professionals noted that they incorporate some measure of DevSecOps activities into their software development pipelines.
But even with the wide adoption of DevSecOps, security and development teams still often find themselves at odds when manual application security testing is introduced into the software development life cycle (SDLC). Common complaints include the complexity and steep learning curves of application security testing (AST) tools, slow performance, and “noisy” results causing friction (that is, anything that developers see as preventing them from quickly building code).