A common term used to describe DevSecOps is “shifting left” — the idea that quality assurance and security testing needs to happen earlier within the process. The term refers to the “waterfall” style of software development, which is generally portrayed as many elements shifting to the right in visualizations.
And, of course, there are a lot of good reasons for building a program with security near the start of the process. After all, it’s much harder to clean up from an insider threat than to prevent it in the first place.
What Are the Benefits of DevSecOps?
The advantages of DevSecOps are best reflected in what the discipline can help businesses avoid in the software development process.
In a 2015 blog post, Donald Firesmith, a researcher at Carnegie Mellon’s Software Engineering Institute, noted the risks that emerge when security testing is done under a traditional waterfall-style development process, in which the different phases are handled separately. With this approach, testers typically get involved late, when the software is closer to completion: debugging is harder, there is less time to fix defects, and it becomes more likely that end users, rather than in-house developers, are the ones who find the bugs.
“For decades, it has been well known that defects are more difficult and expensive to fix the later they are found in the lifecycle,” Firesmith wrote. “This phenomena is one reason why treating testing as a sequential phase at the end of…