Why devs need to own App Security (opens in new tab)

(blog.arcjet.com)

6 pointsjerdog1y ago3 comments

3 comments

Devs do own application security. What many need to do is realize that.

If software has a serious flaw, security-related or not, that's on the developer. If the flaw is in a service/library/component/whatever made by someone else and used by the dev, that in no way means the dev is off the hook. The dev is responsible for the code they release whether they directly wrote it or not. The buck stops there.

bendechrai1y ago

Author of the article here, and I completely agree. With 25 years in web development, I've talked to many devs and given talks and workshops on developer security. In that time, I've seen many devs who want to care about security, but business priorities often push feature releases over security.

In the past, we handed apps to testers and moved on. Now, with PaaS (and to a certain extent IaaS), we sometimes get a false sense of security from network-layer protections.

Perhaps I'm too optimistic, but I'd love to see web devs equipped with the tools and knowledge to advocate for proactive security measures

JohnFen1y ago

> I'd love to see web devs equipped with the tools and knowledge to advocate for proactive security measures

I agree entirely. Not just web devs, either. All devs.

j / k navigate · click thread line to collapse

3 comments

JohnFen1y ago

Devs do own application security. What many need to do is realize that.

bendechrai1y ago

In the past, we handed apps to testers and moved on. Now, with PaaS (and to a certain extent IaaS), we sometimes get a false sense of security from network-layer protections.

Perhaps I'm too optimistic, but I'd love to see web devs equipped with the tools and knowledge to advocate for proactive security measures

JohnFen1y ago

> I'd love to see web devs equipped with the tools and knowledge to advocate for proactive security measures

I agree entirely. Not just web devs, either. All devs.

j / k navigate · click thread line to collapse