Developer adoption is the key to security

Security starts with the developer

To summarize, developer adoption is a core goal that helps us as a business to improve our overall security posture. To achieve strong and natural adoption, it’s important to create a collaborative culture in which your security team and development teams speak the same language and work together to achieve shared goals. The security team is no longer there to audit and give more work to the engineering teams. They’re there to support and enable engineers to find and tackle security issues as early, quickly and effectively as possible. Engineering teams need to see security teams as the group that empowers them to achieve that, and they should reach out for help when that isn’t the case.

This paper covered three areas of change, Culture, Process, and Tooling, and provided example activities that we have seen work effectively to improve developer adoption. With all three, it’s essential to involve both development and security teams when creating or changing processes, programs or tooling choices. Furthermore, take time to learn about your development organization and how each team likes to work, and build a strategy for dealing with the variance in team maturity and performance.

Get your teams involved

As you go forward in adopting or trying out ideas from this paper in your organization, be sure not just to involve your wider teams in the planning and decision-making process, but also to be very intentional about the speed at which you roll out the new initiative. Make sure at all times that you’re not overwhelming your engineers, but rather letting them adopt at the speed they have capacity for, so that they can build a secure development muscle sustainably. Good luck!

© 2024 Snyk Limited
All rights reserved
