STACK 2022 - Plenary: Changed Responsibilities in Modern Software Development Environments
With business increasing the pressure on development teams and the demand for their flexibility, the agile movement was pushed to the limit. CI/CD was born to reduce manual steps and the errors that arise from them, as well as to increase the speed of going live. With DevOps, the teams also took on application responsibilities, from cradle to grave. Nevertheless, software security is still missing from many full-stack developers' resumes, and application security responsibilities are still pushed off to the security department. This is a real pity, because agile, CI/CD and DevOps are security-enabling practices. This session explains Shift Left and early security enablement in the development lifecycle. As application development becomes more developer-centric, the developer’s toolset must include new capabilities to match the new challenges. Learn about rugged software and supply chain cleanliness, and how to avoid the common pitfalls of modern application development strategies. Hear why security champions programmes tend to fail, why compliance-driven security training is a waste of time and money, and why security teams struggle and fail to integrate security tooling in release pipelines. Take back the best practices and proven solutions, and Shift Left beyond development.