SecPrep

Fill in the economic rationale for shifting security left.

The core economic argument for shift-left security is that the cost to remediate a defect grows the later in the SDLC it is discovered — a flaw caught at design or in code review is far cheaper to fix than one found in production. The goal is to give developers fast security feedback in their own workflow without making security a bottleneck.

The cost to fix a defect rises sharply the later it is found, which is why security feedback is moved earlier (left) in the SDLC.
