In this document, we go beyond classical definitions of DevSecOps to express our vision of an emerging collaboration between Developers, AppSec, and Ops teams: the AppSec Shared Responsibility Model.

As presented in our 2022 State of Secrets Sprawl report a single AppSec engineer has to handle more than 3.4K secrets occurrences a year! And this is only considering one type of vulnerability…

This has huge consequences if you want to release secure applications at the DevOps velocity. It means that to embed security controls into the DevOps culture, processes, and tools, you need to reduce friction and break the security silo. This is why application security needs to evolve towards a new shared responsibility model.