It’s right there in the moniker: DevSecOps , a portmanteau of Development, Security and Operations, implies introducing security early on – as a part of a comprehensive, agile Software Development Life Cycle (SDLC) used by your organization, rather than doing so iteratively or waiting until after a release.
Given how security breaches and vulnerabilities have become everyday news, it makes little sense for developers to ignore the seriousness of secure coding anymore. Here’s a little secret though: developers are often not the most security-oriented folks for obvious reasons. It is not their primary duty. The priority for a software developer is to build an app, have it carry-out the intended tasks nicely and perhaps account for the overall user experience (UX) and satisfaction. If they are being diligent, they may incorporate basic ‘security checks’ as a part of their coding processes – such as not blindly trusting user input and sanitizing it, but beyond that, a developer may not alone have adequate bandwidth or expertise to incorporate the most superior security checks in an app.