
Vijitha Thunga, QE Software Engineer Manager @ ServiceNow

Speaker of TestIstanbul 2024

Shift-left security in the Software Development Life Cycle (SDLC)

Shift-left security in the Software Development Life Cycle (SDLC) refers to the practice of integrating security measures and practices earlier in the development process. It typically starts from the initial stages such as planning and design and continues throughout the entire development lifecycle. This approach helps in identifying and mitigating security vulnerabilities early, reducing the cost and effort required to fix them later in the development process or after the software is deployed. Here are some key aspects which will be covered in the session:
Why it is important to have a secure development process.
How to incorporate security in each phase of the SDLC.
Implementation of security principles in each phase.
How we can achieve shift-left security in the SDLC process.

Key Takeaways
The first benefit is that the SDL enables repeatable product security.

The second benefit is that it establishes a security standard. We want business units, products, and applications to have a standard. Over time, that standard will get more strict because we want security to get better continually.

Another benefit is it reduces our development costs over the long haul. Now, pay attention there. I said long haul on purpose. SDL will cost more in the short term, but in the long term, it’s going to save us money and development time because we’re not redoing anything. We’re not performing rework to fix vulnerabilities that were worked out in the SDL process.

The final benefit is that an SDL reduces vulnerabilities.

About Vijitha Thunga

I am Vijitha Thunga, currently working at ServiceNow as QE Software Engineer Manager. I have 12+ years of experience in Software Engineering with a strong background in Automation, DevOps and Security practices. I have a proven track record of leading teams and projects in delivering high-quality software solutions which are reliable and secure.

I am committed to excellence in my endeavours, which is evident in numerous achievements, including participating as a core committee member for the security track at GHC’22 and the Diversity, Equity, Inclusion, and Belonging Track at GHC’23. I was an active mentor at WIT’2020 and GHC’20 networking sessions. I have built my career from individual contributor to manager at ServiceNow, and I also mentor and share my knowledge and expertise with others, guiding them on their path to success.

International TestIstanbul Conference®