The responsibility for security is often placed on the end users, less focus on the developers who are responsible for developing the products.
To successfully democratize security for developers, security must be the path of least resistance. It’s about making security the easiest choice. Building a safe application needs to be easier than building an unsafe one.
As Cisco’s Wendy Nather said in her RSA 2020 keynote, “Security should be designed to be adopted, not just designed to be enforced.”
With the increasing adoption of modern development practices, developers are encouraged to take the release management lifecycle of their products into their own hands. However, the fast pace of app development has made it a challenge for security teams – who often lack resources – to keep up. It is difficult for security teams to provide developers with timely, applicable, and actionable guidance. In the end, developers forego the necessary safety instructions that …