Shift Left Security

Gaurav Malik
Prashasti Prashasti

Abstract

Shift Left Security is a proactive approach to software development that integrates security measures into the earliest phases of the software development lifecycle (SDLC), beginning with design and development. Historically, security in software development has been reactive, with vulnerabilities sought only at the test or deployment stages. This method has proven ineffective in the face of the complexity of modern software systems and the frequency of cyber-attacks. Shift Left Security instead embeds security practices from the start so that vulnerabilities are detected and remediated during development, before code reaches production. The proactive model comprises continuous security testing, early risk assessment, and real-time feedback loops that surface vulnerabilities to developers while the fix is still cheap. By integrating security into the SDLC, Shift Left Security strengthens the security posture of software applications, reduces post-release remediation, and accelerates time to market. A further advantage is that it opens the conversation about security within the organization as early as possible, before a weakness becomes an incident. This study explores Shift Left Security in terms of its principles, benefits, challenges, and tools, and offers organizations a hands-on approach to adopting it in order to achieve more secure, resilient software products, improved development efficiency, and better protection against emerging cyber threats.
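As an added illustration of the "continuous security testing with real-time feedback" the abstract describes (this is example code written for this page, not code from the article or its authors), the script below is a minimal shift-left gate of the kind run as a pre-commit hook or first CI stage: it scans source for hard-coded credentials, checks pinned dependencies against an advisory list, and fails fast with a list of findings. The source files, manifest and advisory identifier (HYPO-2025-0001) are constructed sample data; the only real-world specific is the AWS documentation example access key, used because its format (AKIA followed by 16 uppercase alphanumerics) is what the pattern keys on.

```python
import re
import sys
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Finding:
    kind: str      # "secret" or "dependency"
    location: str  # "path:line" for secrets, package name for dependencies
    detail: str


# Cheap, deterministic checks suitable for a pre-commit hook or first CI stage.
# The AWS access-key-id shape is the documented format; the password pattern is
# a deliberately simple heuristic (assignment of a quoted literal to "password").
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "hardcoded_password": re.compile(r"(?i)\bpassword\s*=\s*['\"][^'\"]{4,}['\"]"),
}


def scan_source(path: str, text: str) -> List[Finding]:
    """Return one Finding per (line, pattern) hit so the developer gets an exact location."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in SECRET_PATTERNS.items():
            if pattern.search(line):
                findings.append(Finding("secret", f"{path}:{lineno}", name))
    return findings


def parse_version(version: str) -> Tuple[int, ...]:
    """Dotted numeric versions only; non-numeric components count as 0 so the gate never raises."""
    parts = []
    for component in version.split("."):
        digits = re.match(r"\d+", component)
        parts.append(int(digits.group()) if digits else 0)
    return tuple(parts)


def check_dependencies(manifest: str,
                       advisories: Dict[str, Tuple[str, str]]) -> List[Finding]:
    """Flag pins below the first fixed version listed in `advisories` (name -> (fixed, id))."""
    findings = []
    for raw in manifest.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line or "==" not in line:
            continue                                   # only exact pins are checked here
        name, version = (s.strip() for s in line.split("==", 1))
        advisory = advisories.get(name.lower())
        if advisory and parse_version(version) < parse_version(advisory[0]):
            fixed, advisory_id = advisory
            findings.append(Finding("dependency", name,
                                    f"{version} is below fixed {fixed} ({advisory_id})"))
    return findings


def run_gate(sources: Dict[str, str], manifest: str,
             advisories: Dict[str, Tuple[str, str]]) -> Tuple[bool, List[Finding]]:
    """Run every check and return (passed, findings); passed is True only with zero findings."""
    findings: List[Finding] = []
    for path, text in sources.items():
        findings.extend(scan_source(path, text))
    findings.extend(check_dependencies(manifest, advisories))
    return (len(findings) == 0, findings)


# Constructed sample input: two source files, a requirements-style manifest and a
# hypothetical advisory. The AKIA... value is the AWS documentation example key.
SAMPLE_SOURCES = {
    "app/config.py": (
        "DB_HOST = 'db.internal'\n"
        "password = 'hunter2-prod'\n"
        "AWS_KEY = 'AKIAIOSFODNN7EXAMPLE'\n"
    ),
    "app/main.py": "def main():\n    return 0\n",
}
SAMPLE_MANIFEST = "examplelib==1.4.1  # pinned\notherlib==2.0.0\n"
SAMPLE_ADVISORIES = {"examplelib": ("1.4.2", "HYPO-2025-0001")}  # hypothetical advisory


if __name__ == "__main__":
    passed, findings = run_gate(SAMPLE_SOURCES, SAMPLE_MANIFEST, SAMPLE_ADVISORIES)
    for f in findings:
        print(f"[{f.kind}] {f.location}: {f.detail}")
    sys.exit(0 if passed else 1)   # non-zero exit blocks the commit or pipeline stage
```

The point of the design is that the whole check runs in well under a second on a developer's machine, so the feedback arrives while the author still has the context to fix the finding, which is what makes the "left" position in the pipeline worth more than the same check run against a release candidate.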

Article Details

How to Cite
Malik, G., & Prashasti, P. (2025). Shift Left Security. The Eastasouth Journal of Information System and Computer Science, 2(03), 219–245. https://doi.org/10.58812/esiscs.v2i03.528
Section
Articles
