Shifting Focus to Make DevSecOps Successful – Janet Worthington – ASW #258
What if all these recommendations to shift left were more about shifting focus? It's all too easy to become preoccupied with vulns, whether figuring out how to find them earlier in the SDLC or spending time fixing them within specific number of days. Successful DevSecOps approaches can be so much more than just vulns and so much more than just tools. Sure, tools are useful for identifying known vulns in dependencies and new vulns in code, but teams that emphasize people and culture will find it easier to shift their attention to the security of their product and creating secure designs.
Segment Resources: Shift Everywhere is the bullet-train to secure software: https://www.forrester.com/blogs/shift-everywhere-is-the-bullet-train-to-secure-software/?refsearch=35020611696872306356 Forrester Software Composition Analysis (SCA) Wave: https://www.forrester.com/report/the-forrester-wave-tm-software-composition-analysis-q2-2023/RES178483?refsearch=35020611696863504716 Forrester Static Analysis Security Testing (SAST) Wave: https://www.forrester.com/report/the-forrester-wave-tm-static-application-security-testing-q3-2023/RES178489?scrollTo=FHqjnkXmzX
Announcements
Security Weekly Listeners: We are celebrating the milestone of reaching over 1,000 members of our CISO community. The Cybersecurity Collaboration Forum is a one-stop shop for executive collaboration comprised of CISOs across various industries. If you want to be part of this growing community of CISOs, join us as a member or technology partner. To learn more, visit: securityweekly.com/cybersecuritycollaboration
Guest
Janet Worthington is a Senior Analyst for Security & Risk at Forrester. Janet covers product security, software supply chain, Open Source security, and DevSecOps. Janet’s background is in product management and application security.