ABSTRACT

Agile and Scrum software development lifecycles have all but displaced the rigorous activities, and have most certainly displaced the notion of “phase containment,” that appsec professionals have counted on as a reliable means of preventing defects from creeping into subsequent phases. In essence, Agile and Scrum are based on the philosophy that software takes on a life of its own, constantly being improved, extended, and enhanced, and that these changes can be delivered in hours rather than weeks, months, or years. Shifting left requires that development teams address software security from the very inception of a project and at every step along the way to its manifestation. Changes in the software development paradigm force changes in the software security paradigm, which must work hand in hand with what development teams are expected to do. Shifting left in development activity means actively using, and appropriately responding to, security checks built directly into the integrated development environment, for example Visual Studio or Eclipse.