Originally, when DevOps emerged in software development, security wasn’t a focus. However, the growing use of cloud, open source software, and the shift to microservices highlighted security risks. DevSecOps initially emphasized early risk detection in the development cycle, known as “Shift Left.” Over time, it has evolved to include early detection, prevention, and remediation. In recent discussions, Matt Tesauro highlighted progress in auto-remediation and prevention capabilities within DevSecOps. While security practitioners can detect issues early, addressing them promptly remains a challenge. Consider an example of an organization with 10,000 log4j instances in its development infrastructure.
Additional Reads:
