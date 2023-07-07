Scaling DevSecOps practices across product teams is critical but difficult to achieve. Software engineering leaders leading platform teams should integrate pertinent security tools as part of internal developer platforms to deliver secure software at scale. See Gartner research for a sample listing of tools – Cool Vendors in Platform Engineering for Scaling Application Security Practices and How to Select DevSecOps Tools for Secure Software Delivery.

A platform approach to supporting DevSecOps workflows reduces the potential attack surface while still enabling development teams to deliver at scale. Instead of having individual product teams implement security tools and practices at their own discretion, platform teams must provide “secure paved roads.” This ensures consistency and reduces the cognitive load of implementing security controls. The idea is to make the secure path the default path to production.

There are two prerequisite actions to making the secure path, the default path: