Disclaimer: Opinions expressed are solely my own and do not express the views or opinions of my employer or any other entities with which I am affiliated.
I’ve written a lot of articles about application security recently. I believe that this security sector will be the first fatality of the security engineering shift. That is, more developers will start to do application security, reducing the need for the traditional application security engineer. In addition, there’s already momentum for this shift given security’s desire to “shift left.” By doing this, security has lost control over this function and scaled themselves out of the job. Here are some articles on my thoughts on application security and why I believe the landscape is changing.
Another threat to application security is that the developer platforms, e.g. GitHub and GitLab, can already provide the basic features, and they can do it for little to no upcharge. That’s why I believe Snyk’s approach of creating a platform for comprehensive code scanning won’t succeed. So how can application security companies and products succeed in this new reality? The answer is through using AI.
Some relevant realities of application security
I won’t rehash my previous articles, but as described above, there are threats to the current application security companies. Many are either outdated or struggling to find relevancy and keep up in a world where development practices are rapidly changing. There’s also a fundamental disconnect between where developers, who write the code, and security, who audit the code, believe the vulnerabilities lie.
Recent research has shown that developers know more about the problems, which makes sense because they hold context on the nuances in the application. However, they tend to lack the security context that application security engineers have. As a result, it’s easier to enable developers to do security, which makes the jobs of application security engineers more irrelevant by the day.
Yet, I believe there’s a way to create a better environment for both sides through AI. This is going to be a fundamental paradigm shift.