{"id":17,"date":"2022-09-30T23:27:43","date_gmt":"2022-10-01T04:27:43","guid":{"rendered":"https:\/\/waratek.com\/?page_id=17"},"modified":"2022-10-26T17:37:57","modified_gmt":"2022-10-26T22:37:57","slug":"chapter-1-why-security-as-code","status":"publish","type":"page","link":"https:\/\/waratek.com\/security-as-code\/chapter-1-why-security-as-code\/","title":{"rendered":"Chapter 1: Why Security-as-Code"},"content":{"rendered":"

Why Security-as-Code?<\/h2>\n

Every major company, regardless of industry, is now in the software business. To remain competitive, companies are shipping code faster and faster using agile methodologies.<\/p>\n

While this increased development speed is excellent for engineering teams and profitable for companies, it’s unsustainable for Security teams.<\/p>\n

We live in a world where 84% of software exploits happen at the application layer. Yet we rely on vintage security techniques at the network layer to protect enterprise applications and the millions of users that use them.<\/p>\n

Whether your organization uses a WAF, RASP, or a combination of SAST, DAST, or IAST, the only reliable approach to address these vulnerabilities is to patch the codebase.<\/p>\n

Still, we make assumptions about risk in the form of heuristics that require a significant amount of manual investigation. In today’s fast-paced world, where enterprises deploy code multiple times a day, Security teams must keep pace with each deployment where each code change can introduce new and previously patched vulnerabilities.<\/p>\n

Three factors make this increased speed unsustainable for Security teams:<\/p>\n

    \n
  1. Fixing vulnerabilities is manual<\/li>\n
  2. Existing tooling adds noise rather than value<\/li>\n
  3. Code changes lead to vulnerability regressions<\/li>\n<\/ol>\n

    Security-as-Code aims to fix these issues and enable Security to scale with modern software development.<\/p>\n