Chapter 3. The Value of a Secure Software Development Environment

In an ideal world, identity security practices are included at every stage of the application development lifecycle. Every software component, tool, and process is secure by default and implemented using industry best practices. Your organization has bulletproof security controls in place to ensure updates, new code, and your software supply chain work safely as intended.

The problem is that our world isn’t ideal. No one would deny the importance of code security but every developer knows there’s a push-pull relationship between getting releases out fast and maintaining a secure code base. Usually, security is the one left behind.

Companies do better by establishing a secure software development environment – a shared set of tools, policies, and procedures that reduce the likelihood of vulnerabilities entering the development stream. This internal development platform (IDP) helps secure infrastructure with touch points across ...