Matt, Chris, and Izar talk about ensuring security within the developer toolset and the developer experience (DevEx). Prompted by a recent LinkedIn post by Matt Johansen, they explore the concept of "secure by default" tools. The conversation highlights the importance of not solely relying on tools but also considering the developer experience, suggesting that even with secure tools, the ultimate responsibility for security lies with the developers and the organization.
The trio also discusses the role of DevEx champions in advocating for security within development processes, emphasizing the need for a balance between security and usability to prevent developers from seeking workarounds. They touch upon integrating security into the developer workflow, known as "shifting left," and the potential downsides of overburdening developers with security responsibilities.
There's a recurring theme of the complexity and challenges in achieving a "secure by default" stance, acknowledging the difficulty in defining and implementing this concept. The conversation concludes with an acknowledgment that while progress is being made in understanding and implementing security within DevEx, there's still a long way to go, and the need for further clarification and discussion on these topics is evident.
Matt Johansen's Original Post:
https://www.linkedin.com/posts/matthewjohansen_i-really-feel-like-a-lot-of-security-problems-activity-7170811256856141825-lKyx
FOLLOW OUR SOCIAL MEDIA:
➜Twitter: @SecTablePodcast
➜LinkedIn: The Security Table Podcast
➜YouTube: The Security Table YouTube Channel
Thanks for Listening!
