Trade-offs and challenges of security
Every software team faces its own unique set of challenges, be they technical or cultural. Before we dive into the specifics of DevSecOps, let's try to understand what led to the need for an iteration of existing DevOps methodologies. Along the way, we will discuss why security can sometimes be seen as a source of friction, instead of a positive push towards continuous application delivery. In my experience working with different teams, there are four main patterns that I have commonly observed to be the root cause of this slow-down:
- Lack of ownership
- Last step in software delivery
- The rapid evolution of application architectures
- Outdated security tools
Let’s look at each of these in detail.
Lack of ownership
Often, developers and operations team members don't feel responsible for the security posture of their applications. Being on the other side of the spectrum, which involves building new...