Security Automation: Where Does It Fit In Your Secure SDLC?

In the fast-paced environment of software development, teams are constantly finding themselves having to do more with less. 

The pressure to produce new features and push out new versions on a shortened time frame can feel overwhelming for software development teams, no matter if you are a small startup or part of an industry-leading enterprise.

One of the biggest challenges facing development teams today is to ensure that their products are free of security vulnerabilities that can be exploited by hackers, putting their customers’ data and the company’s future at risk. Whereas in a previous era the responsibility for securing the product may have fallen on security professionals, their attention is mainly directed into other security areas, leaving the brunt of vulnerabilities management on the developers’ shoulders.

So with their limited resources of time, how are developers meant to take on the heavy lift that is ensuring the security of their projects? With potentially millions of lines of code to manage for vulnerabilities, organizations have turned to automated technologies to test, poke, and of course, prod as their products move along through the Software Development Lifecycle (SDLC) and on out to deployment.

Security Automation — The Force Multiplier

When it comes to figuring out complex, difficult to solve problems, there is nothing more potent than an experienced engineer who can bring creativity and hard-won know-how to the table. 

For everything else there’s automation.

We have arrived at the point where many of the tasks involved in vulnerability management can be delegated to automated AppSec tools. These technologies are capable of carrying out the grunt work of spinning up properly configured environments on servers, checking code for risk factors like common mistakes in code, identifying open source components with known (Read more…)

*** This is a Security Bloggers Network syndicated blog from Blog – WhiteSource authored by Patricia Johnson. Read the original post at: