"Rise of Security Champions: Application Development's Long-Awaited Evolution"

Application development can be likened to Newton's Third Law of Motion, which states that for every action there is an equal and opposite reaction. Developers want to develop, but whenever they do, application security teams seem to fire back with concerns about the application's safety, causing tension and slowing development. It is critical to explore how to ensure security while maintaining a streamlined development process.

A security champion program involves educating employees about best security practices in organizational behavior to reduce overall security risk. Security champions are people who would not normally be involved in security but are given extra training and incentives to represent security on their teams. Security champions emerged from a concern that the average developer is not measured on security and thus is not focused on maintaining it. There is a common misconception, particularly among those who use open-source code, that security is not part of the development process: ensuring the code is secure is seen as not the developer's responsibility, and the code in use is simply assumed to be reliable. Although security teams are necessary, they are often viewed as bottlenecks in the process, preventing developers from continuously churning out code.

This all leads to the formation of security champions on research and development teams, who are trained in application security and serve as a bridge between the typical developer and the security team. Security champions are critical in the application development process because they help to reduce tensions between the security team and the developer. There are naturally two opposing forces: developers eager to create, and application security teams tasked with ensuring security.

A security champion can act as an impartial arbitrator between the development team and the AppSec team, helping to highlight both perspectives so that each party can comprehend the reasoning and actions of the other. This article continues to discuss the role of security champions in application development.

BetaNews reports "Rise of Security Champions: Application Development's Long-Awaited Evolution"

Submitted by Anonymous on