Once upon a time, there was a great battle between speed and security. Development wanted to go fast. But, Security wanted to slow down and be safe.
“We must protect our gilded apps”, cried the application security team.
“Speed is cherished by our people”, declared the development team.
For years, they endured the pain of testing late in the lifecycle, sorting through reams of false positive reports, and dealing with the added cost of pushing bad software out the door. They knew there had to be a better way…
And then came, The DevOps Revolution. The DevOps team had an answer. “Let’s bring Application Security and Development closer together — and shift its focus further to the left”. The DevOps team knew that by introducing awareness of security vulnerabilities and policies early in and across the software development lifecycle — without creating a time-consuming tax on development — that both teams could win.
During an evening event named “Wining Not Whining” at the RSA Conference 2014, we gathered some of the top DevOps experts and influencers and asked them “Why is application security so important to the DevOps revolution?”