Effective security requires a shared responsibility model. Developers are already overburdened with their primary tasks of writing code and delivering features, and we think it is not realistic to expect them to know everything about security, be responsible for triaging and handling incidents on their own, or consider all the implications of security.
Adding security responsibilities without proper support and integration can lead to frustration, resistance, and, ultimately, a less secure environment. Yet their involvement in fixing code security issues is crucial and cannot be replaced by security work.
This article has been indexed from DZone Security Zone