The industry has progressively realized that cybersecurity largely depends on software developers.
Today, developers embrace agile methodologies, in particular Scrum, and sometimes SAFe for big projects.
Security teams traditionally have a very different culture based on risk assessment, compliance, and governance.
One of the goals of the ASF is to help security teams that interact with development teams embrace agility to interact most efficiently with them.
Traditionally, cybersecurity is implemented as a decision gate that applies at the end of a development cycle. This is slow, frustrating, and risky.
ASF provides baselines that can directly be integrated within agile cycles.
Managing risk at the development level provides a very good return on investment. We call that "shift to the left".
ASF is an opinionated framework, that has been designed by seasoned developers and security practitioners. It helps developers acquire a good security mindset, thanks to an efficient, agile collaboration with security teams.
Once developers understand and embrace security objectives, the organization will strongly improve its security posture.
As security is a process, it is essential to keep fruitful interactions between developers and security teams based on continuous iterative improvement.