Date: 2023-08-08

Securing software is paramount to meeting organizations’ need to safeguard sensitive data, ensure uptime of business-critical applications, and protect customers’ best interests. Traditionally, this responsibility has fallen to security and AppSec teams, which own the tools and processes that detect and mitigate security issues in the software pipeline. But with the shift to DevOps well underway, security teams are advocating for DevSecOps to ensure the deep and consistent integration of security standards across DevOps workflows and CI/CD pipelines.

The DevSecOps approach can ease the burden of triage and relieve security pressure on developers, and it is essential to establishing security gates in support of risk tolerance thresholds. But security teams continue to bear the responsibility of defining security testing policies, reviewing and prioritizing issues for remediation, and initiating remediation workflows. In response to this growing burden, organizations adopting DevSecOps practices have begun placing additional security responsibilities on development and engineering teams.

The goal: to reduce the backlog of vulnerabilities and insecure code in the pipeline so security teams can focus on identifying truly critical issues.

To achieve this goal, organizations are prescribing developer security training and fostering a culture of security among those directly responsible for writing secure code and fixing vulnerabilities.