I recently prepared a talk for DOXMOUTH (a DevOps meetup in Bournemouth) on the topic of security as a shared responsibility, as it applies to product teams today. The theme it's based on is that more and more businesses today are building software faster, and as the velocity behind software development increases, so do the threats.
How are organisations responding to the increase in threats?
At the end of the talk, the last question asked about who wears the security responsibility hat, and I didn’t really get to the answer very fast. Enterprises that have a CISO usually require them to take the final responsibility for security from a regulatory perspective. While the work is done in the product teams, the responsibility is higher up. Perhaps some responsibility also belongs to the Product Owner.