Chapter 30. Beyond “No”: The Modern Paradigm of Developer-Centric Application Security

Nielet D’mello

In the rapidly evolving landscape of modern software development, AppSec engineers like me find ourselves operating in an environment of high agility and velocity. Securing things at this scale and pace, where security debt can loom large as vulnerabilities and defects find their way into the product pipeline, is a reality we must account for. Naturally, AppSec professionals need to redefine their approach to working with engineering teams. This essay delves into the concept of maximum yesness.¹ Yesness refers to having a willingness or desire to succeed: to remove the boundaries that would ultimately cause you to fail. Applying this concept, and maximizing it to its full potential, is an approach that bridges the gap between security and development, fostering an environment where security becomes an enabler rather than an impediment. Maximum yesness signifies not just a willingness to say yes but doing so strategically and optimally, by creating an environment where security measures are not merely restrictive but contribute positively to the development process, ultimately fostering a culture of innovation and success.

Traditional security operates with the opposite paradigm. It defaults to saying no to ensure protection. As a result, security becomes a harsh, negative thing. It becomes ...

From 97 Things Every Application Security Professional Should Know (O’Reilly).
