The problem with security is that it’s almost always an afterthought. This is a cultural problem to the extent that developers have been trained to prioritize functionality over all else. However, this is also a tooling problem, because developers shouldn’t spend the majority of their time combing over dependencies in an attempt to find potential security holes. In traditional companies, there’s a separate security team to offload this effort from developers, but this turns out to be an extremely ineffective way to solve the problem. The right solution is to change how developers think about security, while giving them the insight and automation they need to make good decisions as early in the development cycle as possible.
We’ll discuss the ways in which most security tools are outright hostile toward developers, and how we got there from a cultural perspective. We’ll talk about the needs of operations and security teams, and how those needs must be met in order to successfully apply the principles of DevOps to the security realm. Finally, we’ll take a look at the new and emerging tools that are bringing this brave future to us today.