Secure Software from the Ground Up, Part 1: Why Shift-Left Security Makes Sense
Shift-left security is all about making a software product secure from the ground up. This has tangible advantages, not only for the end product but also for the software development process itself.
If faulty code and vulnerable open source components are detected early in the development process, costly bug fixes can be avoided.
Nowadays, computers and their software are permanently connected to the Internet. Whether for smartphones or large-scale technical systems, this requires fundamentally more secure software. The old approach to software production, which introduced testing for functionality and security late in the development process, has lost its validity in this highly networked world.
If significant problems surface during testing, it may be necessary to go back to a relatively early stage of software development. This not only creates a bottleneck, because several stages of the development process have to be retraced; it also disrupts modern practices such as DevOps, agile development, and continuous integration, delivery and deployment.