Way back in the day a long, long time ago DevSecOps began in 1976 and that began with a paper written that described the eleven attributes of quality. A lot of these concepts were very forward thinking. Now, you didn’t see a lot of security in the 70’s and there weren’t a lot of hackers or cases of software abuse unlike today where security has to be built into the software.

The initial generation of DevSecOps was more focused on tools and was a practice layered in between development and operations. The goal was to integrate security measures into the systems development life cycle but not slow down development. During this time developers carried the burden and expectation of reading and applying multiple policies while mitigating issues from dozens of varied security tools. All the while policies were kept outside of typical development tools and processes.

What’s the problem with this approach? It drastically limits the scalability and it’s unrealistic long term. AppSec is static and isn’t able to keep up with the ongoing demands for quality releases or to change quickly.

So what does the future of AppSec and DevSecOps look like? Good question. We know that AppSec is all about the process of development – adding and testing security features to prevent vulnerabilities. In this respect, it’s more important to establish the best policies, standards, and security processes than utilizing specific tools. Rather than focusing solely on speed and testing, modern DevSecOps is focused on doing the right thing, at the right time, based on a unique risk profile.

Looking into the future the mantra of software companies focused on prioritizing application security will be: move efficiently and fix things at the right time.

Want to learn more about you can finally realize the promise of DevSecOps? 

Read our guide on Application Security Orchestration & Correlation (ASOC) here!