In the more ‘traditional’ organisations that I tend to work with, there is still a lot of tension between enterprise architects (this is how we should do it), security (we need to stop it doing this), developers (we just want to get it done), and operations (we want it to work, with the minimum of fuss). The nirvana of DevSecOps seems a long way away; even the slightest nudge to the left seems like a massive win…:
[…] “Old security processes that put security at the middle or end of the process are just too expensive and inefficient now,” said Gina Smith, research manager at IDC Asia.
“Shifting security left – all the way to the planning stage – can dramatically improve efficiency and decrease cost. The bottom line is that it jumpstarts the output of quality code, which is what it is all about,” she added.