Placing security in the hands of developers

by Joseph K. Clark

Developers today are faced with an ever-changing landscape. Their responsibilities continue to expand into areas like software QA, security, and governance. In an SD Times Live! webinar, Brian Fox, CTO of Sonatype, and Steve Poole, developer advocate at Sonatype, discuss how security has become an essential part of a developer’s job.

According to Fox and Poole, one of the biggest struggles for developers entrusted with security practices is that they were not initially trained in the security field. This lack of proper training leads to mismatched expectations on both ends. This is an almost unavoidable problem when two teams have to work together but do not speak the same language.


A key solution to this problem would be for organizations to better enable their developers to understand security practices. Investing time into this would help to bridge the gap between development and security and make for a better outcome in the long run. 

Sonatype provides tools to developers to make this security integration more accessible, but according to Fox and Poole, organizations merely providing these tools is not enough; they have to make them understandable and accessible to their developers to see the desired results. 

According to Fox and Poole, as the developer domain changes, developers have a right to ask their organizations to provide long-term solutions to the problems they are now facing. They see the security shift to developers as a positive thing, but only if the proper tools and training are in place. 

“We have so much opportunity and so much stuff that will help, but we’ve been educated for a long time not to go looking for it,” Poole said. “And now is the time to turn that around and start putting effort into education… and taking a good look at the tools that are out there and seeing how much they can help you,” he concluded.

To learn more about the developer domain's expansion into the world of security, watch the full talk “The Broad Responsibilities of the Expanding Developer Domain” on-demand now.
