Deploying a secure application has become just as important to most organizations as whatever core function the app will be conducting. An application that works fine but exposes an organization to a potential exploit is just as much a failure as an app that doesn’t function properly.
Back when the world moved at a slower pace, applications would be coded by developers. These applications would then be placed into a production environment by an operations team that was also typically in charge of security. If the operations team found a security flaw or vulnerability, the app would be sent back to the developers to fix. This was a time-consuming process that exposed organizations to a lot of risk by deploying vulnerable programs into their production environment.
The DevOps movement was spawned from this chaos, where developers and operations teams started working together to fix vulnerabilities before apps were deployed. Even then, there was not enough of an emphasis on cybersecurity. The development process for apps needed a dedicated security team that was separate from operations but able to work hand in hand with them as well as the developers.
This new focus on security is so popular today that most DevOps efforts have evolved into DevSecOps programs where development, security and operations work together to create and deploy secure apps.
In this new world of heightened threat awareness, developers are charged with baking security into applications as they create them. Sometimes called “security as code,” this approach can be highly effective by patching and fixing vulnerabilities before an app is deployed. Security as code requires special tools that can uncover hidden problems and vulnerabilities with both uncompiled and completed code.