Sophia College Software Development The Developer Role in Security Discussion
I’m studying for my Software Development class and need an explanation.
Web applications are complex and, by their runtime nature, involve multiple layers of services and servers. Web applications beg for the divide-and-conquer of software developer resources. As a developer on a team, you may be asked to develop client-side interfaces, middleware business logic, or backend database interfaces, all while programming your development security operating environment (or DevSecOps).
You may even have a security-focal in your organization or on your team. Does this mean security has been divided to these security-labeled individuals and can be considered conquered? The answer, as you will discover, is no. Wherever you find yourself, security is your responsibility. You will probably move around during your time with the team, going up and down the software stack, while adhering to the team’s chosen software development life cycle. Security concerns are found in every level of the software stack and in every step of any software development life cycle. In this assignment, you will have an opportunity to reflect on the importance of software security.
Begin by reading DevSecOps: A Systematic Approach for Secure Software Development, available through the Shapiro library. Then reflect on the questions below and provide your thoughts.
What is your role in conquering security concerns as a developer? What might that involve?
Where does security fall within the software stack and development life cycle?
How might you add security measures to transform a DevOps pipeline into a DevSecOps pipeline?
- The article suggests creating and following a plan to secure the entire DevOps life cycle. What is included in the suggested plan and would you recommend following it?