Why the shift left dream has become a nightmare for security and developers

Summary

A Bleeping Computer article discusses the challenges of the "shift left" approach to security, noting that increased pressure on developers can lead to security being overlooked. A Qualys analysis of container images found that 7.3% were malicious, highlighting the need for default security measures at the infrastructure level.

IFF Assessment

FOE

The increasing pressure on developers to prioritize speed over security, coupled with the discovery of malicious container images, indicates a worsening threat landscape for defenders.

Defender Context

Defenders need to be aware of the increased risk stemming from the shift-left paradigm, where security checks may be skipped because of delivery pressure on developers. The high percentage of malicious container images underscores the need for robust infrastructure security, including image scanning before deployment and runtime protection. This points to a broader trend of supply-chain attacks targeting containerized environments.