Agile development and DevOps are fueling the evolution of application life-cycle management (ALM) as delivery cycles continue to shrink. While the original promise of end-to-end visibility and traceability is still important, today’s ALM is more about continuous processes.
Jeff Williams, Co-Founder & CTO of Contrast Security, was recently featured in an article from SD Times on "Navigating the Endless ALM River." He was asked about the growing complexity of the software landscape and how it can be challenging from a security point of view. The explosion of libraries, APIs, microservices, mobile endpoints, and web services complicates security practices, and may even make them untenable.
Jeff had this to say about security in ALM:
“There are a zillion things to manage and keep track of in the process of moving apps to the cloud and operating them,” said Jeff Williams, CTO and cofounder of application security company Contrast Security. “Who is making sure that everything you thought was being enforced by security is actually protected? The core of the problem is we’ve spent several decades building up the list of things that we need assurance in. Now, when we move to the cloud, that list changes pretty dramatically. So it’s going to take a while for our security people, processes and technology to catch up.”
Machine learning and AI will probably help, and most security professionals anticipate that machine intelligence will transform software development as we know it—well beyond looking for outliers for security or testing purposes. More automation is coming, as are more analytics. People, processes and tools will have to adapt.