In today’s digital economy, developers play a vital role in translating business needs into functional applications that drive revenue and improve processes. To do their jobs well, developers obviously must be able to deliver features at the rapid pace of changing business needs. Applications need to work. Less obviously, but just as important, developers have to deliver code with as little business risk as possible.
If a new application meets functionality requirements but causes a security breach in the process, the costs may outweigh the application’s advantages to the business. You can’t call your code or application great if it isn’t secure. That’s why the responsibility for software security has shifted to developers at many organizations. On a practical level, this means that, as a developer, you are shouldering more daily responsibility for testing for and remediating security vulnerabilities as code makes its way through the software development lifecycle (SDLC). For this reason, developers must be empowered to truly own application security as a function of overall application quality.
Now, the security team still offers a high degree of strategic support and consultative insight to help the process along. But in today’s DevOps and Agile environments, developers can no longer throw an untested application over the wall to security and expect the security team to take care of hardening it. Smart developers recognize that establishing a proactive stance on application security starts with knowledge. You know that you have to bring the same thirst for knowledge to security best practices that you bring to learning new languages, frameworks, and other tools.