
Shift-Left: Security is a Part of all Phases in Software Development

Published on 18 March 2021

Team8

Global venture group

Developing and managing software is more agile and faster than ever. Security can’t come after the fact; it needs to be shifted left to the developers, embedding security considerations from the start in a DevSecOps model.

Drivers


Time to market is often prioritized over security. Developers are measured by how fast they can code, rather than on how securely. And business leaders are measured on how quickly they can provide new products and services to the market. With no time to fix insecure code at the source, security is often “bolted on” once the application is fully developed, which is a risky approach. As a result, 42% of organizations that experienced an external attack blame the incident on a software security flaw and 35% blame a buggy web application. [1]

In today’s dynamic environment of micro-releases and daily or weekly software updates, software developers need to maintain a security mindset and rely on controls throughout the coding process in order to get ahead of security issues. Despite this, the migration to a developer-driven security paradigm has been slow; Google reports only 20% of firms are considered “elite performers” with DevOps. [2] ‘Shift-left’ highlights the need for security teams to work with developers from the very beginning of the development lifecycle to build in information security and security automation. Ideally, developers are empowered to embed security while creating a product or service, with tools that not only make code more secure but also codify intent.

Impact - The farther left the shift, the more deeply security is integrated into the application development process. To achieve this, security professionals should hone their coding skills, and developers must be able to code with security in mind.

Solutions - Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Interactive Application Security Testing (IAST), Software Composition Analysis (SCA), Secure Development Lifecycle, Developer Security Training, Container Security

Perspectives:

  • Defender’s Perspective - “One way to measure the speed of business is developer velocity. Developers are constantly adding features to applications, and if companies wish to remain competitive, modern day security has to move at the speed of business.” - Stephen Garcia, VP of Cybersecurity, FanDuel

  • Team8’s Attacker Perspective - “Shift-left creates several problems for the attacker. As software becomes more security robust, the chance of zero days is getting slim. However, sophisticated attackers can also shift left, adding malicious code or backdoors early in the development cycle before or after the source code is compiled. An example of this is the attack on the build system of SolarWinds. Instead of waiting for or finding a vulnerability, attackers changed the system just like a coder would, and created their own vulnerability.”

In our next blog, we will cover Smarter Security.


[1] https://www.forrester.com/report/The+State+Of+Application+Security+2020/-/E-RES159057

[2] https://services.google.com/fh/files/misc/state-of-devops-2019.pdf


About the contributor

Team8 is a global venture group that creates and invests in companies at the intersection of cyber, data, artificial intelligence and fintech. Leveraging an in-house, multi-disciplinary team of company-builders integrated with a dedicated community of C-level executives and thought leaders, Team8’s model is designed to identify big problems, ideate solutions, and accelerate success and impact through technology innovation. Team8’s leadership team includes serial entrepreneurs, industry pioneers and the former leadership of Israel’s elite tech and intelligence Unit 8200.
