DevSecOps and the shift left in security: how Semmle is supporting software developers [Podcast] – Packt Hub

Software security has been shifting left in recent years. Thanks to movements like Agile and Dev(Sec)Ops, software developers are finding that they have to take more responsibility for the security of their code. By moving performance and security testing earlier in the development lifecycle, it's much easier to identify and capture defects and issues.

The reasons for this are largely rooted in the utter dominance of open source software and the increasingly distributed nature of the systems we're building. To put it bluntly, if our software is open and loosely connected, the opportunity for systems to be exploited by malignant actors grows vastly.

To tackle this, we're starting to see a wealth of platforms and tools emerge that are trying to help developers embrace security as a fundamental part of the development process. One such platform is Semmle, a code analysis platform designed to help developers and engineers identify issues quickly.

To find out more about Semmle and the wider DevSecOps movement, we spoke to Chief Security Officer Fermin Serna in an edition of the Packt Podcast. He explained how Semmle works, what it's trying to achieve, and placed it in the broader context of this shift left that's quickly becoming a new reality for many engineers.

To learn more about Semmle, visit its website here. You can also follow Fermin Serna on Twitter: @fjserna.
