Shift Left Security Strategy Fails to Deliver Expected Benefits
Summary
The 'shift left' security strategy, which aims to integrate security earlier in the software development lifecycle (SDLC), has failed to deliver its promised benefits. Developers are overwhelmed with cognitive load, and businesses prioritize speed over security, leading to increased risks. A study by Qualys found that 7.3% of container images from public repositories were malicious, with 70% of the malicious images containing cryptomining software. The strategy has shifted the burden onto developers without adequate support, resulting in security being bypassed or ignored. To address these issues, experts recommend a 'shift down' approach, where security is embedded into the infrastructure layer and managed by specialized teams. This approach automates security checks and fixes, reducing the cognitive load on developers and making secure deployment the path of least resistance.
Timeline
- 20.02.2026 16:45 · 1 article
Qualys Study Reveals High Percentage of Malicious Container Images
Qualys Threat Research Unit (TRU) conducted an analysis of over 34,000 container images from public repositories, finding that 7.3% were malicious. Of the malicious images, 70% contained cryptomining software, and 42% contained more than five secrets, such as AWS access keys and database credentials. The study highlights the risks associated with using public container images and the need for better security measures.
Sources:
- Why the shift left dream has become a nightmare for security and developers — www.bleepingcomputer.com — 20.02.2026 16:45
Information Snippets
- The 'shift left' security strategy has failed to reduce risks as intended.
  First reported: 20.02.2026 16:45 (1 source, 1 article)
- Developers are overwhelmed with cognitive load and often bypass security protocols.
  First reported: 20.02.2026 16:45 (1 source, 1 article)
- Businesses prioritize speed over security, treating security protocols as barriers to productivity.
  First reported: 20.02.2026 16:45 (1 source, 1 article)
- Qualys analyzed over 34,000 container images, finding 7.3% were malicious, with 70% of the malicious images containing cryptomining software.
  First reported: 20.02.2026 16:45 (1 source, 1 article)
- 42% of container images contained more than five secrets, such as AWS access keys and database credentials.
  First reported: 20.02.2026 16:45 (1 source, 1 article)
- Typosquatting is a common method used by attackers to distribute malicious containers.
  First reported: 20.02.2026 16:45 (1 source, 1 article)
- The 'shift down' approach recommends embedding security into the infrastructure layer, managed by specialized teams.
  First reported: 20.02.2026 16:45 (1 source, 1 article)
- Automating security checks and fixes can reduce the cognitive load on developers and make secure deployment easier.
  First reported: 20.02.2026 16:45 (1 source, 1 article)