How DPE can speed development — and boost your AppSec

Developers have seen plenty of tools and methods come and go. Agile development was followed by DevOps and then by platform engineering, all of them aiming to make it easier  code efficiently, creatively, and securely.

Now comes developer productivity engineering (DPE), which promises to help developers speed up and automate tasks — while also removing friction in development processes — so that they can produce better code with fewer hassles.

In a recent ReversingLabs webinar titled “Ship Fast, Stay Secure: A Developer’s Guide to Productivity,” two security experts explained that DPE also has a valuable role in helping developers and enterprises improve the security of their applications.

Baruch Sadogursky, head of developer relations at Tuxcare, said DPE “makes secure development practical rather than aspirational.”

And in the world of critical application security (AppSec) requirements, this is a major side benefit of DPE, especially when developers are focused on speed even at companies that are security-conscious, Sadogursky said. 

While DPE’s core mission is productivity, security benefits emerge naturally from better feedback loops, automated checks, and reproducible builds, Sadogursky said. One of developers’ biggest needs is reducing friction at every step, which is a key benefit of DPE. 

[DPE] reduces waiting, manual toil, flaky tests, bad feedback loops, and cognitive load. It is about delivering a smoother, faster, smarter dev experience.

Baruch Sadogursky

See webinar: Ship Fast, Stay Secure: The Developer's Guide to Productivity

DPE’s security value-add for enterprises

DPE also is capable of dramatically improving code security as it is being written, Sadogursky said. “DPE helps operationalize secure practices by automating them, shifting them left, and making them faster and more consistent.”

DPE does not replace other security steps, however. “You still need to integrate [application security testing] tools into your builds and pipelines; secure your caches, runners, and dev environments; and track supply chain risks,” said Sadogursky. “DPE provides you with the platform, but you still need to integrate the right security tools.”

While platform engineering provides developers with curated and managed tool packages to use in creating their code, DPE is focused on development loop optimization that speeds up feedback, making coding, testing, and building applications friendlier, Sadogursky said. 

Platform engineering is what to build on. Developer productivity engineering is how fast and well you can build with it.

Baruch Sadogursky

So how does DPE directly help with improving AppSec? By reducing resistance to secure workflows, Sadogursky said. “When security does not slow down developers, it gets adopted. That is where developer productivity engineering shines.” 

Ultimately, one of the values of DPE is that it helps companies scale quality and security without slowing down their development teams, which is a critical capability, he said. 

It creates a system where good practices are built in, not bolted on. That is how DPE turns productivity gains into security wins.

Baruch Sadogursky

Development teams, administrators, and enterprises that use DPE should not turn a blind eye to security after adopting it, said Sadogursky. 

It is not set and forget. You need ownership, iteration, and observability. Instead, DPE success equals tooling plus culture plus feedback loops. Not all development organizations are ready for it, so you need some baseline process maturity to achieve the full value.

Baruch Sadogursky

Making security a key ingredient, not an afterthought

Umbrella Security Operations CEO and co-founder Valdet Camaj, who also participated in the webinar, said that DPE helps improve the security and management of software, which makes it a smart choice for development teams today.

From my perspective, you can manage [development] easier. You have a dedicated pool of resources, a pool of applications where … it is simpler, easier, more modern.

Valdet Camaj

DPE also allows organizations to think about security throughout the development process, rather than being just an afterthought, Camaj said. “Traditionally, security is often thought of by developers as a last step, which can cause problems for enterprises,” he said.

Using DPE can help prevent that by bringing security to the fore and building it in as the code is assembled, he said. “So having a great plan is a good plan.”

This is beneficial for both developers and their managers, Camaj said. 

So there is security on the top … And then we create a culture in our company where all people start to think like that.

Valdet Camaj

DPE can help dev teams be better students

Sadogursky said that DPE also helps developers and their admins and managers produce safer code because it can reduce their manual security burdens. “Security is complicated, and most developers are usually not experts in security,” he said.

How can we maintain productivity when we have those security threats looming in our work? Security is particularly hard to like. It is a curveball into our productivity routine because of how complicated and multifaceted it is for us.

Baruch Sadogursky

But DPE helps developers gain an upper hand, Sadogursky said.

A lot of companies are invested in DPE, including LinkedIn, Spotify, Netflix, and Meta, he said. “There are a number of interesting research [studies] that actually prove that both the quality and dependence of DPE-produced code that is released are improved dramatically for the companies. They are really on the frontier of DPE.”

Sadogursky said DPE is the missing link in the software development process. 

It connects the developer experience with business outcomes by removing friction, enabling speed, and scaling good practices. It is about building better software faster while empowering developers.

Baruch Sadogursky