blog

Latest Post

Mar 5, 2018

The Ultimate Shift-left: Education

I spend a lot of time thinking about how to get application security testing further left in the SDLC, especially for open source vulnerabilities. Of course, starting with DevSecOps, or as some would call it, “Just good DevOps”, means you’ll scan early and often, fix critical defects fast, and embed security checks into continuous-integration pipelines. And yet, as much as we see companies moving in this direction, I see another way we can move even further left: ...

All Posts