In her 2017 BlackHat USA talk "Orange is the new Purple", April C. Wright made the case for collaboration between red teamers (our pen-testers, hackers, etc.) and yellow teamers (our devs). That idea sits at the core of bringing security into the DevOps conversation: just as uniting Dev and Ops reduced friction between those two silos of the organization, the same approach can reduce friction with security.
It is crucial that we work from a common vocabulary. Security can't just write up vulnerabilities in a pile of security jargon, throw the report over the wall, and expect the devs to be able to address it. Security and devs need to collaborate on remediations and share a common understanding of, and goal for, securing the software.
Read more about DevSecOps in our dedicated hub, and of course feel free to comment and share your thoughts.
(The Infosec Color Wheel. Image by April Wright and Louis Cremen from hackernoon.com used with permission.)