The Changelog: Software Development, Open Source

Shift left, seriously. (Interview)

Jan 26, 2024

Guest

Schalk Neethling

Join Justin Garrison, a security and DevOps expert, Deepak Prabhakara, co-founder of BoxyHQ, and Schalk Neethling, Community Manager at BoxyHQ, as they dive into the critical topic of shifting left in software security. They discuss how developers can take ownership of security early in the development process and the vital differences between authentication and authorization. The conversation highlights the importance of modern tooling, fostering a security-aware culture, and adapting to evolving software landscapes for more secure applications.

Ask episode

AI Snips

Chapters

Books

Transcript

Episode notes

INSIGHT

Shift Left Definition

Shifting left means moving responsibility closer to developers.
It applies to security, testing, and operations.

ADVICE

Ease Developer Burden

Use tools like Socket.dev to ease the burden of security on developers.
Don't expect developers to inspect every dependency.

ANECDOTE

MongoDB Security

MongoDB's default setting of no authentication led to many security breaches.
Default settings are crucial for security.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

This week we’re going deep on security and what it takes to shift left, seriously. Adam is joined by Justin Garrison (co-host of Ship It), plus two members of the BoxyHQ team — Deepak Prabhakara, Co-founder & CEO and Schalk Neethling, Community Manager and DevRel as well as fellow Changelog Slack member.

We discuss how to shift left, the role of the developer and the burden of security, the importance of tooling, the difference between authentication and authorization, and a mindset change for when security takes place — it’s a matter of “when” not “who.”

Join the discussion

Changelog++ members get a bonus 10 minutes at the end of this episode and zero ads. Join today!

Sponsors:

Vercel – With zero configuration for over 35 frameworks, Vercel’s Frontend Cloud makes it easy for any team to deploy their apps. Today, you can get a 14-day free trial of Vercel Pro, or get a customized Enterprise demo from their team. Visit vercel.com/changelogpod to get started.
Synadia – Take NATS to the next level via a global, multi-cloud, multi-geo and extensible service, fully managed by Synadia. They take care of all the infrastructure, management, monitoring, and maintenance for you so you can focus on building exceptional distributed applications.
Read Write Own – Read, Write, Own: Building the Next Era of the Internet—a new book from entrepreneur and investor Chris Dixon—explores one possible solution to the internet’s authenticity problem: Blockchains. From AI that tracks its source material to generative programs that compensate—rather than cannibalize—creators. It’s a call to action for a more open, transparent, and democratic internet. One that opens the black box of AI, tracks the origins we see online, and much more. Order your copy of Read, Write, Own today at readwriteown.com
Fly.io – The home of Changelog.com — Deploy your apps and databases close to your users. In minutes you can run your Ruby, Go, Node, Deno, Python, or Elixir app (and databases!) all over the world. No ops required. Learn more at fly.io/changelog and check out the speedrun in their docs.

Featuring:

Deepak Prabhakara – Website, GitHub, LinkedIn, X
Schalk Neethling – Website, GitHub, LinkedIn, Mastodon
Adam Stacoviak – Website, GitHub, LinkedIn, Mastodon, X
Justin Garrison – GitHub, LinkedIn, X

Show Notes:

BoxyHQ.com
SAML Jackson - Enterprise SSO made simple
Enterprise SaaS Starter Kit
MVSP (Minimum Viable Secure Product
Minimum Viable Secure Product (MVSP) checklist

Something missing or broken? PRs welcome!