Navigating Security and App Development Team Tensions: The Six Keys to Success with Probely

There will always be a natural tension between cybersecurity teams and developers. Developers are paid to create and ship new applications, while security teams are responsible for ensuring that bad things, such as data breaches or loss of business services due to vulnerabilities, don’t happen when new software is deployed.

While this dynamic can create strain between the two roles, it doesn’t have to be this way if steps are taken to increase understanding between the groups.

Unfortunately, many organizations don’t take these steps, leading to developers viewing security teams as a roadblock and security teams viewing developers as not taking security seriously enough.

There has been a lot of discussion on how to improve the relationship between developers and security teams, but success has been limited. That’s why I’m sharing lessons learned from managing an application security team at a large telecom, where we successfully balanced tensions between developers and security.

Every organization is different, with teams working in-house or remotely, with varying levels of experience in application security. What worked for us may not work for everyone, but incorporating these keys can help improve relationships between security and development teams.

Key Number One: Emphasize training.

Organizations should provide application security training to new developers, led by an AppSec team member whose development experience developers respect. AppSec experts with development experience can understand the issues and frustrations developers face when security teams communicate poorly.

When an AppSec team includes former developers, the relationship between teams improves.

Key Number Two: Use real-world examples in training.

In AppSec training, we found success by using vulnerabilities found internally to make training more engaging and realistic.

Key Number Three: Remove the stigma of vulnerability discovery.

We presented examples of experienced security professionals with vulnerabilities in their own code to show that everyone makes mistakes. The important thing is to find and remove security defects.

Key Number Four: Teach the impact of vulnerabilities.

We showed developers how vulnerabilities can be exploited and the potential consequences. Understanding the impact of vulnerabilities motivates developers to fix issues.

Key Number Five: Understand what’s reasonable.

Security teams should ensure their requests are reasonable and provide clear explanations of identified issues. Providing tools designed for developers to use can help improve understanding and collaboration between teams.

While tensions between security and development teams will always exist, organizations can take steps to improve understanding and empathy, ultimately strengthening relationships between the teams.

Copyright © TSP 2024. All rights reserved. Designed by Enovate LLC
