Post by Curios
Most organisations think they've adopted DevSecOps. What they've actually done is install a scanner.

There's a meaningful difference between a security tool that runs in your pipeline and a security program that's integrated into how developers work. The first generates findings. The second changes decisions.

At Curios, when we audit DevSecOps maturity, we ask one question before anything else: Can a developer ship code without seeing a security result? If the answer is yes, the shift hasn't happened yet.

The gap isn't tooling. It's ownership, workflow integration, and where the feedback loop actually closes.

- Kevin Andriessens, Security Consultant, Curios

#devsecops #appsecurity #leftshift #securityengineering #cybersecurity #cicd