Software security has been ‘shifting left’ in recent years. Thanks to movements like Agile and Dev(Sec)Ops, software developers are finding that they have to take more responsibility for the security of their code. By moving performance and security testing earlier in the development lifecycle it’s much easier to identify and capture defects and issues.
The reasons for this are largely rooted in the utter dominance of open source software and the increasingly distributed nature of the systems we’re building. To put it bluntly, if our software is open, and loosely connected, the opportunity for systems to be exploited by malignant actors grows vastly.
To tackle this we’re starting to see a wealth of platforms and tools emerge that are trying to support developers embrace security as a fundamental part of the development process. One such platform is Semmle, a code analysis platform designed to help developers and engineers identify issues quickly.
To find out more about Semmle – and the wider DevSecOps movement – we spoke to Chief Security Officer Fermin Serna in an edition of the Packt Podcast. He explained how Semmle works, what its trying to achieve, and placed it in the broader context of this ‘shift left’ that’s quickly becoming a new reality for many engineers.
Listen to the episode: