How adopting a security-first mindset improves everything
It's time we stop tacking security on "at the end" and start adopting modern best practices. Capture your control processes and integrate security into your SDLC from day one.
I love this post by Tiexin Guo. He’s spot on about how we need to approach security in the modern software development era. As he points out, the “old way” of tacking security on “at the end” of a project is just not viable. Likewise, doing it manually with hands-on-keyboard testing won’t cut it.
Today’s software architectures are too complex. The “old way” might have worked well enough for single-server monoliths where everything was self-contained. Today there are just too many disparate and fast-moving parts to be successful with a dated security model. Instead of a single language, a single database, and a single front-end, we’ve got multi-cloud distributed deployments, often dozens of components and sometimes even a dozen languages and scripting dialects — all in a single application.
Teams are bigger today, too — an expected consequence of emerging complexity. A small team of 20-30 people in the ’90s has today morphed into a much more distributed, loosely associated group. That 30 p…