As a reformed software developer who now lives in the space between software creation and security I spend a lot of time thinking about why security is often considered separately to other elements of quality in our software. I wrote a longer post about this at Should software security be part of quality?
For example:
In a peer review of a pull request we will automatically look for things like poorly structured or performing code but for many teams, security review happens later (sometimes by another team entirely.
I'd love some thoughts from the dev.to community -
> How can we make security part of our 'ilities' and an essential part of our software process?
(without needing specialists or expensive tools).
Top comments (0)