{"id":31364,"date":"2018-07-03T09:00:01","date_gmt":"2018-07-03T13:00:01","guid":{"rendered":"https:\/\/sdtimes.com\/?p=31364"},"modified":"2018-07-23T13:22:35","modified_gmt":"2018-07-23T17:22:35","slug":"application-security-needs-to-shift-left","status":"publish","type":"post","link":"https:\/\/sdtimes.com\/security\/application-security-needs-to-shift-left\/","title":{"rendered":"Application security needs to shift left"},"content":{"rendered":"<p>As teams are pressured to release software more rapidly, more and more aspects of software development are being forced to \u201cshift left,\u201d moving up earlier in the development lifecycle.<\/p>\n<p>Because of the speed in which code is updated and delivered, security can no longer be thought of as an afterthought, said Rani Osnat, VP of product marketing at Aqua Security, a company that specializes in container security. \u201cThat\u2019s why we profess to shift left security and basically embed it as early as possible in the development process so that developers can do a lot of the work in advance as they deliver the applications and not expect to throw it over the fence and have someone else take care of it.\u201d<\/p>\n<p>Operations teams can no longer accept an application as is and plan on securing it once it is deployed in the runtime environment, Osnat said.<\/p>\n<p>Application security used to act as governance and as a gate that security teams applied to evaluate the security of software before it was deployed. \u201cI think as trends like agility or trends like continuous delivery or DevOps come into play, that role as a point-in-time gate and as a governance function is being questioned,\u201d John Steven, senior director of software security at Synopsys, an application security company, explained.<\/p>\n<p><strong>RELATED CONTENT: <a href=\"https:\/\/sdtimes.com\/security\/a-guide-to-devsecops-tools\/\">A guide to DevSecOps tools<\/a><\/strong><\/p>\n<p>He added that when teams go to implement security, they often search through regulations or information on the web to look for what they should care about. \u201cI think organizations are struggling to figure out what\u2019s the difference between what the web tells me I should look for in terms of security problem and what would impact my business in terms of risk,\u201d said Steven. \u201cAnd so they\u2019re struggling to figure out what they need to pay attention to.\u201d<\/p>\n<p>They question how attackers will explore their organization and attack its assets and how that is different from what they paid attention to in the past. They also question how they will adapt the sensors that are already in place to look for vulnerabilities, Steven explained.<\/p>\n<p><!--HubSpot Call-to-Action Code --><span id=\"hs-cta-wrapper-6adae754-fb90-4770-8d87-0454599030e5\" class=\"hs-cta-wrapper\"><span id=\"hs-cta-6adae754-fb90-4770-8d87-0454599030e5\" class=\"hs-cta-node hs-cta-6adae754-fb90-4770-8d87-0454599030e5\"><!-- [if lte IE 8]>\n\n\n<div id=\"hs-cta-ie-element\"><\/div>\n\n\n<![endif]--><a href=\"https:\/\/cta-redirect.hubspot.com\/cta\/redirect\/3475429\/6adae754-fb90-4770-8d87-0454599030e5\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" id=\"hs-cta-img-6adae754-fb90-4770-8d87-0454599030e5\" class=\"hs-cta-img\" style=\"border-width: 0px;\" src=\"https:\/\/no-cache.hubspot.com\/cta\/default\/3475429\/6adae754-fb90-4770-8d87-0454599030e5.png\" alt=\"Embedding Security into your cloud-native pipeline\" width=\"728\" height=\"120\" \/><\/a><\/span><script charset=\"utf-8\" src=\"https:\/\/js.hscta.net\/cta\/current.js\"><\/script><script type=\"text\/javascript\"> hbspt.cta.load(3475429, '6adae754-fb90-4770-8d87-0454599030e5', {}); <\/script><\/span><!-- end HubSpot Call-to-Action Code --><\/p>\n<p>According to Arkadiy Miteiko, co-founder and CEO of CodeAI, an AI-based security platform, the top performers in the industry typically have three things implemented in their security workflows:<\/p>\n<ol>\n<li>They injected code analysis tools into the development process and enforced fixes prior to deployment,<\/li>\n<li>They automated attacks against pre-production code and prevent that code from reaching production if attacks are successful, and<\/li>\n<li>They continually test the production environment for weaknesses in an automated fashion.<\/li>\n<\/ol>\n<p>Though many organizations have already adopted DevOps, one trend is now DevSecOps, which adds a security team in addition to the development and operations teams.<\/p>\n<p>Osnat believes that security teams should be responsible for creating and enforcing security policies and determining what is an acceptable level of risk. The implementation of those policies, however, should be handled jointly by security and development teams.<\/p>\n<p>According to Osnat, there is a shortage of cybersecurity professionals, and that shortage is not getting any smaller. According to a survey published by the National Institute of Standards and Technology this June, there are 301,000 open cybersecurity jobs throughout the United States. A report from Cybersecurity Ventures predicts that the number of openings will rise to 3.5 million by 2021.<\/p>\n<p>\u201cOn the other hand, there are many more developers in the world,\u201d said Osnat. \u201cIf you look at it as a global issue, basically what\u2019s happening is that developers are developing more applications faster and delivering code faster than security can catch up to. That\u2019s something where really the only way to address it is not to just give more work to security, but to move some of the burden to the developers in using best practices to secure applications when they are developed. But, of course they need to be taught and told what they are expected to do. It\u2019s not something that you can expect them to just figure out on their own.\u201d<\/p>\n<p>The shortage of cybersecurity professionals can also be addressed by incorporating artificial intelligence into DevOps and security workflows. \u201cThe future belongs to intelligent machines which are able to augment some of the security testing functions while working alongside humans,\u201d he said. \u201cA shortage of skilled security professionals on both sides (AppSec and CyberSec), and their relatively high cost will drive an adoption of intelligent automation powered by AI systems and Quantum computing.\u201d<\/p>\n<p><strong>Shifting culture as well<\/strong><br \/>\nThere is also the issue that shifting testing left requires a huge cultural change within the organization. \u201cCultural imperatives are very hard for organizations to adopt because organizations reject culture change like viruses,\u201d said Synopsys\u2019 Steven.<\/p>\n<p>Even though the spirit of DevOps involves breaking down the silos between developers and operations, that does not always happen, explained Steven. Often, organizations will hire a DevOps engineer, typically reporting up to operations. \u201cThey\u2019ve taken this cultural imperative to break down the walls, and they\u2019ve turned it into a role in one of the silos, which is of course a perversion of the intent.\u201d<\/p>\n<p>\u201cI would hate for DevOps just to become a set of tools that a security group or operations group buys to engage developers more effectively, but they all stay in their silo,\u201d Steven continued.<\/p>\n<p>Steven explained that the companies that have successfully scaled up well and handled performance well, those are the companies that effectively broke down those silos. Those organizations made security everyone\u2019s job and the security team acted as a coach on the sidelines, while also enabling visibility into what was going well, what was going poorly, and where more time needed to be spent, he said.<\/p>\n<p>When organizations aren\u2019t able to break down those silos and let developers handle security, it may be a result of organizations not planning out their goals correctly from the top of the organization down to the individual teams, explained Pete Chestna, director of developer engagement at CA Veracode, a provider of an automated end-to-end service that simplifies application security. Companies should look at their goals and whether or not the development teams are accountable for what they build. If they\u2019re not, that\u2019s an area that needs to be addressed within the organization.<\/p>\n<p>When development teams have the option, they may push the responsibility onto some other group. \u201cOnce that becomes a non-option then they start to make that change real,\u201d said Chestna.<\/p>\n<p>\u201cThere\u2019s a lot of automation that you can do, which again is absolutely mandatory in these environments because of the speed in which code moves in the pipeline,\u201d said Osnat of Aqua Security. \u201cIt is just not manageable with purely manual control.\u201d<\/p>\n<p><strong>RELATED CONTENT:\u00a0<\/strong><a href=\"https:\/\/sdtimes.com\/security\/how-these-companies-can-help-make-your-applications-more-secure\/\"><strong>How these companies can help make your applications more secure<\/strong><\/a><\/p>\n<p><strong>A role for artificial intelligence<\/strong><br \/>\nIntroducing AI into the equation can solve some of the issues here. \u201cGenerally speaking, AI is extremely good at recognizing patterns and making statistical predictions based on its pattern recognition,\u201d said Miteiko, of CodeAI. \u201cNoise is a recognizable pattern. Once it has been recognized it can be filtered out. The quality and security issues that we are dealing with in code today are the same coding errors we fixed years ago.\u201d<\/p>\n<p>Shifting the burden to developers seems like the ideal solution, but often the developers\u2019 education did not properly prepare them to code securely. \u201cIt\u2019s a muscle that development organizations don\u2019t have,\u201d \u00a0CA Veracode\u2019s Chestna explained.<\/p>\n<p>\u201cIf you allow developers to continue to code incorrectly and then correct them later, you\u2019re not really helping them be better,\u201d said Chestna. \u201cDevOps is all about continuous improvement. So we need to take the knowledge of what they struggle with and we feed that back to them in the form of training and then measure whether or not that training was effective, and they would get better in that process.\u201d<\/p>\n<p>According to Chestna, the idea of coding securely can be taught, it is just a matter of whether organizations will put pressure on universities to change their curriculum. \u00a0\u201cThey\u2019re not going to do that until we change the requirements,\u201d he said. \u201cSo until you start to say that this is something that I want to hire, and I want your university to support this &#8211; that\u2019s something that\u2019s not going to happen, but that\u2019s really the shift left that I want to see.\u201d<\/p>\n<p>He explained that 25-30 years ago, students knew that when they wrote code, someone would test it afterwards. Later, students were taught to write tests as they coded, whether via test-driven development or unit tests.<\/p>\n<p>\u201cSimilarly, if we start to put security into the vain, we\u2019ll have the same effect where graduates walk into a company and know code it has to be secure, it has to function, and it has to perform well,\u201d said Chestna. \u201cThose are things where if they\u2019re taught earlier on, it just becomes part of their nature.\u201d<\/p>\n<p>Looking towards the future, many experts agree that there is still much to be done.<\/p>\n<p>\u201cI think the fact is it is growing,\u201d said Osnat. \u201cI think the first generation of solutions that were out there were very much tied to specific programming languages and specific environments. I think as we move into cloud-native applications a lot of these things start to go away because they are created to run in different environments, to be a lot more flexible.\u201d<\/p>\n<p>Osnat also believes that we are not very far away from a day where a lot of companies that provide development platforms will embed security tools in those platforms.<\/p>\n<p>\u201cIf, in the next five years, vendors are able to provide the industry with tools that have the capabilities required to win this security game we\u2019ll begin to see drastic improvements in the overall security posture,\u201d said Mitieko of CodeAI.<\/p>\n<p>In the future, the burden will not just fall to the developers and security teams. Software vendors will be expected to integrate security into their tooling as well.<\/p>\n<p>&nbsp;<\/p>\n<!-- AddThis Advanced Settings generic via filter on the_content --><!-- AddThis Share Buttons generic via filter on the_content -->","protected":false},"excerpt":{"rendered":"<p>As teams are pressured to release software more rapidly, more and more aspects of software development are being forced to \u201cshift left,\u201d moving up earlier in the development lifecycle. Because of the speed in which code is updated and delivered, security can no longer be thought of as an afterthought, said Rani Osnat, VP of  &hellip; <a class=\"read-more\" href=\"https:\/\/sdtimes.com\/security\/application-security-needs-to-shift-left\/\">continue reading<\/a><!-- AddThis Advanced Settings generic via filter on get_the_excerpt --><!-- AddThis Share Buttons generic via filter on get_the_excerpt --><\/p>\n","protected":false},"author":752,"featured_media":31369,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"om_disable_all_campaigns":false,"cybocfi_hide_featured_image":"","footnotes":"","_links_to":"","_links_to_target":""},"categories":[2398,1],"tags":[8988,13242,12298,13782,8749,737,8570],"coauthors":[11687],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.8 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Application security needs to shift left - SD Times<\/title>\n<meta name=\"description\" content=\"Industry experts weigh in on the state of application security and where it is heading.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/sdtimes.com\/security\/application-security-needs-to-shift-left\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Application security needs to shift left - SD Times\" \/>\n<meta property=\"og:description\" content=\"Industry experts weigh in on the state of application security and where it is heading.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/sdtimes.com\/security\/application-security-needs-to-shift-left\/\" \/>\n<meta property=\"og:site_name\" content=\"SD Times\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/SDTimesD2\" \/>\n<meta property=\"article:published_time\" content=\"2018-07-03T13:00:01+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2018-07-23T17:22:35+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/sdtimes.com\/wp-content\/uploads\/2018\/07\/DevSecOps-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"660\" \/>\n\t<meta property=\"og:image:height\" content=\"371\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Jenna Barron\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@sdtimes\" \/>\n<meta name=\"twitter:site\" content=\"@sdtimes\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jenna Barron\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/sdtimes.com\/security\/application-security-needs-to-shift-left\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/sdtimes.com\/security\/application-security-needs-to-shift-left\/\"},\"author\":{\"name\":\"Jenna Barron\",\"@id\":\"https:\/\/sdtimes.com\/#\/schema\/person\/f2524e55ae19da07ea3613577da9f786\"},\"headline\":\"Application security needs to shift left\",\"datePublished\":\"2018-07-03T13:00:01+00:00\",\"dateModified\":\"2018-07-23T17:22:35+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/sdtimes.com\/security\/application-security-needs-to-shift-left\/\"},\"wordCount\":1672,\"publisher\":{\"@id\":\"https:\/\/sdtimes.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/sdtimes.com\/security\/application-security-needs-to-shift-left\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2018\/07\/DevSecOps-1.jpg\",\"keywords\":[\"application security\",\"Aqua Security\",\"ca veracode\",\"CodeAI\",\"DevSecOps\",\"software\",\"Synopsys\"],\"articleSection\":[\"Buyers Guide\",\"Latest News\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/sdtimes.com\/security\/application-security-needs-to-shift-left\/\",\"url\":\"https:\/\/sdtimes.com\/security\/application-security-needs-to-shift-left\/\",\"name\":\"Application security needs to shift left - SD Times\",\"isPartOf\":{\"@id\":\"https:\/\/sdtimes.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/sdtimes.com\/security\/application-security-needs-to-shift-left\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/sdtimes.com\/security\/application-security-needs-to-shift-left\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2018\/07\/DevSecOps-1.jpg\",\"datePublished\":\"2018-07-03T13:00:01+00:00\",\"dateModified\":\"2018-07-23T17:22:35+00:00\",\"description\":\"Industry experts weigh in on the state of application security and where it is heading.\",\"breadcrumb\":{\"@id\":\"https:\/\/sdtimes.com\/security\/application-security-needs-to-shift-left\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/sdtimes.com\/security\/application-security-needs-to-shift-left\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/sdtimes.com\/security\/application-security-needs-to-shift-left\/#primaryimage\",\"url\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2018\/07\/DevSecOps-1.jpg\",\"contentUrl\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2018\/07\/DevSecOps-1.jpg\",\"width\":660,\"height\":371,\"caption\":\"Young business people analyzing data displayed on computer screens in office\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/sdtimes.com\/security\/application-security-needs-to-shift-left\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/sdtimes.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Application security needs to shift left\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/sdtimes.com\/#website\",\"url\":\"https:\/\/sdtimes.com\/\",\"name\":\"SD Times\",\"description\":\"Software Development News\",\"publisher\":{\"@id\":\"https:\/\/sdtimes.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/sdtimes.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/sdtimes.com\/#organization\",\"name\":\"SD Times\",\"url\":\"https:\/\/sdtimes.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/sdtimes.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2014\/05\/deafaultlogo.png\",\"contentUrl\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2014\/05\/deafaultlogo.png\",\"width\":225,\"height\":90,\"caption\":\"SD Times\"},\"image\":{\"@id\":\"https:\/\/sdtimes.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/SDTimesD2\",\"https:\/\/x.com\/sdtimes\",\"https:\/\/www.linkedin.com\/company\/sdtimes\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/sdtimes.com\/#\/schema\/person\/f2524e55ae19da07ea3613577da9f786\",\"name\":\"Jenna Barron\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/sdtimes.com\/#\/schema\/person\/image\/b4be3423b187642936e62f121111345e\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/b128943929626cdcafccbac86bd306f9?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/b128943929626cdcafccbac86bd306f9?s=96&d=mm&r=g\",\"caption\":\"Jenna Barron\"},\"description\":\"Jenna Barron is News Editor of SD Times.\",\"url\":\"https:\/\/sdtimes.com\/author\/jennifer-sargent\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Application security needs to shift left - SD Times","description":"Industry experts weigh in on the state of application security and where it is heading.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/sdtimes.com\/security\/application-security-needs-to-shift-left\/","og_locale":"en_US","og_type":"article","og_title":"Application security needs to shift left - SD Times","og_description":"Industry experts weigh in on the state of application security and where it is heading.","og_url":"https:\/\/sdtimes.com\/security\/application-security-needs-to-shift-left\/","og_site_name":"SD Times","article_publisher":"https:\/\/www.facebook.com\/SDTimesD2","article_published_time":"2018-07-03T13:00:01+00:00","article_modified_time":"2018-07-23T17:22:35+00:00","og_image":[{"width":660,"height":371,"url":"https:\/\/sdtimes.com\/wp-content\/uploads\/2018\/07\/DevSecOps-1.jpg","type":"image\/jpeg"}],"author":"Jenna Barron","twitter_card":"summary_large_image","twitter_creator":"@sdtimes","twitter_site":"@sdtimes","twitter_misc":{"Written by":"Jenna Barron","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/sdtimes.com\/security\/application-security-needs-to-shift-left\/#article","isPartOf":{"@id":"https:\/\/sdtimes.com\/security\/application-security-needs-to-shift-left\/"},"author":{"name":"Jenna Barron","@id":"https:\/\/sdtimes.com\/#\/schema\/person\/f2524e55ae19da07ea3613577da9f786"},"headline":"Application security needs to shift left","datePublished":"2018-07-03T13:00:01+00:00","dateModified":"2018-07-23T17:22:35+00:00","mainEntityOfPage":{"@id":"https:\/\/sdtimes.com\/security\/application-security-needs-to-shift-left\/"},"wordCount":1672,"publisher":{"@id":"https:\/\/sdtimes.com\/#organization"},"image":{"@id":"https:\/\/sdtimes.com\/security\/application-security-needs-to-shift-left\/#primaryimage"},"thumbnailUrl":"https:\/\/sdtimes.com\/wp-content\/uploads\/2018\/07\/DevSecOps-1.jpg","keywords":["application security","Aqua Security","ca veracode","CodeAI","DevSecOps","software","Synopsys"],"articleSection":["Buyers Guide","Latest News"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/sdtimes.com\/security\/application-security-needs-to-shift-left\/","url":"https:\/\/sdtimes.com\/security\/application-security-needs-to-shift-left\/","name":"Application security needs to shift left - SD Times","isPartOf":{"@id":"https:\/\/sdtimes.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/sdtimes.com\/security\/application-security-needs-to-shift-left\/#primaryimage"},"image":{"@id":"https:\/\/sdtimes.com\/security\/application-security-needs-to-shift-left\/#primaryimage"},"thumbnailUrl":"https:\/\/sdtimes.com\/wp-content\/uploads\/2018\/07\/DevSecOps-1.jpg","datePublished":"2018-07-03T13:00:01+00:00","dateModified":"2018-07-23T17:22:35+00:00","description":"Industry experts weigh in on the state of application security and where it is heading.","breadcrumb":{"@id":"https:\/\/sdtimes.com\/security\/application-security-needs-to-shift-left\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/sdtimes.com\/security\/application-security-needs-to-shift-left\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sdtimes.com\/security\/application-security-needs-to-shift-left\/#primaryimage","url":"https:\/\/sdtimes.com\/wp-content\/uploads\/2018\/07\/DevSecOps-1.jpg","contentUrl":"https:\/\/sdtimes.com\/wp-content\/uploads\/2018\/07\/DevSecOps-1.jpg","width":660,"height":371,"caption":"Young business people analyzing data displayed on computer screens in office"},{"@type":"BreadcrumbList","@id":"https:\/\/sdtimes.com\/security\/application-security-needs-to-shift-left\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/sdtimes.com\/"},{"@type":"ListItem","position":2,"name":"Application security needs to shift left"}]},{"@type":"WebSite","@id":"https:\/\/sdtimes.com\/#website","url":"https:\/\/sdtimes.com\/","name":"SD Times","description":"Software Development News","publisher":{"@id":"https:\/\/sdtimes.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/sdtimes.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/sdtimes.com\/#organization","name":"SD Times","url":"https:\/\/sdtimes.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sdtimes.com\/#\/schema\/logo\/image\/","url":"https:\/\/sdtimes.com\/wp-content\/uploads\/2014\/05\/deafaultlogo.png","contentUrl":"https:\/\/sdtimes.com\/wp-content\/uploads\/2014\/05\/deafaultlogo.png","width":225,"height":90,"caption":"SD Times"},"image":{"@id":"https:\/\/sdtimes.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/SDTimesD2","https:\/\/x.com\/sdtimes","https:\/\/www.linkedin.com\/company\/sdtimes\/"]},{"@type":"Person","@id":"https:\/\/sdtimes.com\/#\/schema\/person\/f2524e55ae19da07ea3613577da9f786","name":"Jenna Barron","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sdtimes.com\/#\/schema\/person\/image\/b4be3423b187642936e62f121111345e","url":"https:\/\/secure.gravatar.com\/avatar\/b128943929626cdcafccbac86bd306f9?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b128943929626cdcafccbac86bd306f9?s=96&d=mm&r=g","caption":"Jenna Barron"},"description":"Jenna Barron is News Editor of SD Times.","url":"https:\/\/sdtimes.com\/author\/jennifer-sargent\/"}]}},"_links":{"self":[{"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/posts\/31364"}],"collection":[{"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/users\/752"}],"replies":[{"embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/comments?post=31364"}],"version-history":[{"count":8,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/posts\/31364\/revisions"}],"predecessor-version":[{"id":31419,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/posts\/31364\/revisions\/31419"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/media\/31369"}],"wp:attachment":[{"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/media?parent=31364"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/categories?post=31364"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/tags?post=31364"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/coauthors?post=31364"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}