Is the Popularity of the ‘Shift-left’ Software Strategy Compromising Security?

One software trend that has risen to prominence in the IT industry is the shift-left strategy. In a nutshell, shift-left refers to the practice of implementing testing from the early stages of the DevOps cycle (i.e., the ‘left’ side if you imagine chart progression from left to right). This approach does come with certain advantages; however, there is a potential human cost to this labor-intensive strategy that may end up compromising the security and compliance of the software.

A recent survey of 600 C-level tech executives carried out by CloudBees showed that the majority (80%) favored the shift-left strategy in their software development process and considered it important for their companies. However, the burden for this early testing falls upon the developers, and over half of the surveyed executives reported that their development teams felt strained and overworked. Possibly as a result of this developer burnout, only 88% said they felt that their software supply chain was secure, down from 95% last year.

Balancing Priorities in Software Development

By initiating testing in the earlier stages of the software development life cycle, shift-left can make the development process more efficient by catching defects early on, rather than later in the production stages when they would be more time-consuming and expensive to fix.

The catch is that implementing shift-left with an existing team gives the developers more work to do. If the workload is not properly managed with adjustments to the timeline, or by upscaling the team, the pressure can lead to developers reconsidering their current job situation–especially during the IT industry’s ongoing talent shortage.

Security Compliance and Shift-Left

Security compliance is another pain point for the shift-left strategy. Recent cybersecurity guidelines from the NSA and CISA specifically cover the development process and the software supply chain. Under the shift-left paradigm, this places even more responsibility for security on the developers, as they must take compliance into account during testing.

Most CEOs surveyed still prioritize security over speed, but to strike a balance, the human element of the development process must be taken care of. Developers need to be rested and to feel valued in order to effectively perform their tasks and produce secure, high-quality software.

To read the original news article, click here.