Why devs need to own App Security (blog.arcjet.com)
If software has a serious flaw, security-related or not, that's on the developer. If the flaw is in a service/library/component/whatever made by someone else and used by the dev, that in no way means the dev is off the hook. The dev is responsible for the code they release whether they directly wrote it or not. The buck stops there.
In the past, we handed apps to testers and moved on. Now, with PaaS (and to a certain extent IaaS), we sometimes get a false sense of security from network-layer protections.
Perhaps I'm too optimistic, but I'd love to see web devs equipped with the tools and knowledge to advocate for proactive security measures.
I agree entirely. Not just web devs, either. All devs.