Application Security: Stop Shifting Wrong
The mantra “shift left” has emerged in the security and DevOps communities, but the words themselves are as confusing as the ideas being promoted to achieve it.
In principle, shifting left seems like an obvious idea. We’ve known for decades that security issues are often dramatically more expensive the later in the software life cycle they are discovered. So, taking security steps early in the software life cycle makes sense, as it puts the cost of security directly on the folks who are best able to avoid those security problems. For you economists, this is simply the Coase Theorem applied to security.