Discussion on: If you want to build a treehouse, start at the bottom

Scott Simontis

I wish more developers put proper emphasis on security. I often get told that I am overthinking things or "not focused on the MVP" when I raise security concerns, but my experience has been that if they aren't dealt with at the beginning, they never will. It's frightening being in charge of applications or sites where you can feel that the concern isn't if you will be breached, it's a matter of when.

I also often encounter an attitude that security is an Operations/DevOps problem and someone else will deal with it. Operations/DevOps are definitely involved in security, but that doesn't excuse developers from our duties. When it comes to advocating for a more bottom-focused approach and convincing leadership and teammates that security issues need to be taken more seriously, are there any strategies you have found to be very effective?