Key insights from AppSec Decoded to improve the ‘Sec’ in DevSecOps—what to know today.

"Change or die" applies to just about any business in any industry. If you don't adapt to evolving market demands and get better than you were last year, others who do will take your place.

Which is why, in the software development world, it's very important--existential, even--to improve. These days, one of the keys to doing that is to get development, operations, and security teams--DevSecOps--to work more efficiently together.

Fortunately, there are ways to do that, which was the focus of an AppSec Decoded conversation at the 2023 RSA Conference in San Francisco between Taylor Armerding, security advocate with the Synopsys Software Integrity Group, and Dr. Matias Madou, security expert, researcher, and CTO and co-founder of Secure Code Warrior.

Madou realized early in his career that it was insufficient simply to detect code problems without aiding developers in writing secure code. This inspired him to develop products that assist developers and make security less of a burden.

He said one key to enabling the win-win-win for DevSecOps teams is to create software testing tools that "speak developer-speak ... that explain to developers why it's a problem, how they should fix it, and how they can prevent introducing the same problem the next time."

Another key is to help developers with "upskilling." Too often, he said, the majority of the security budget is devoted to tools. While this is important, it shouldn't come at the expense of helping developers keep their skills current. "There's an underinvestment in making sure developers have the skills to absorb the information and create secure code," he said. "It's like a cyber gym--you don't just upskill once, and you're good for your entire career. Quite often, if you take a particular job, you need to upskill on a regular basis to be in touch with the latest and greatest."

Finally, support for security needs to come from top to bottom, in the C-suite, and at the developer level. "To me, it's about making sure the entire culture lives and breathes secure code," Madou said. "That's the only way the organization can move forward at speed."

Watch the full video interview here