Developer Security Software Composition Analysis — Withstand Security
https://www.withstandsecurity.com/blog-insights/2024-03-19-dev-sev-sca
In this post we open up the conversation around DevSec: what we can do from the developer side to think about security, and about the tooling that we use to build software.
The differences between application security and developer security are simple enough in principle, but they go significantly further as soon as you get past the surface. Many people in the cyber security community seem to place great emphasis on the effectiveness of application security but, in many cases, completely neglect the second part of this: securing the individual who is responsible for introducing security bugs into the software. I'm not saying that to be harsh. Mistakes are a simple part of life, and without the proper tooling and education it is very easy to keep making them, especially when faced with tight timelines and a constant budget crunch.