Team Wabbi
September 30, 2022
Way back in the day a long, long time ago DevSecOps began in 1976 and that began with a paper written that described the eleven attributes of quality. A lot of these concepts were very forward thinking. Now, you didn’t see a lot of security in the 70’s and there weren’t a lot of hackers or cases of software abuse unlike today where security has to be built into the software.

The initial generation of DevSecOps was more focused on tools and was a practice layered in between development and operations. The goal was to integrate security measures into the systems development life cycle but not slow down development. During this time developers carried the burden and expectation of reading and applying multiple policies while mitigating issues from dozens of varied security tools. All the while policies were kept outside of typical development tools and processes.
What’s the problem with this approach? It drastically limits the scalability and it’s unrealistic long term. AppSec is static and isn’t able to keep up with the ongoing demands for quality releases or to change quickly.
So what does the future of AppSec and DevSecOps look like? Good question. We know that AppSec is all about the process of development – adding and testing security features to prevent vulnerabilities. In this respect, it’s more important to establish the best policies, standards, and security processes than utilizing specific tools. Rather than focusing solely on speed and testing, modern DevSecOps is focused on doing the right thing, at the right time, based on a unique risk profile.
Looking into the future the mantra of software companies focused on prioritizing application security will be: move efficiently and fix things at the right time.
Want to learn more about you can finally realize the promise of DevSecOps?
Read our guide on Application Security Orchestration & Correlation (ASOC) here!
Related Articles

Why Log4j is a Lesson in Prioritization
The recent Log4j vulnerability, which Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly called “the most serious vulnerability I have seen in my decades-long career,” forced many Security and Development teams to work through the holidays...

Wabbi enables Risk Management by Design with Release of Next-Gen Vulnerability Management in Release 23.1
BOSTON / Press Release / March 27, 2023 Wabbi, the leading provider of Application Security Orchestration & Correlation, announced today the launch of their next-generation vulnerability management solution. With this new offering, Wabbi is now the only tool that...

Why Log4j is a Lesson in Prioritization
The recent Log4j vulnerability, which Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly called “the most serious vulnerability I have seen in my decades-long career,” forced many Security and Development teams to work through the holidays...
What is ASOC (and why does it matter?)

Why Log4j is a Lesson in Prioritization
The recent Log4j vulnerability, which Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly called “the most serious vulnerability I have seen in my decades-long career,” forced many Security and Development teams to work through the holidays...
0 Comments