How Oso's Security-as-Code Approach to Authorization Might Change How You Think About Security
upstart writes:
It's increasingly evident that for security to work, security must be baked into the development process - not a bolt-on afterthought that a dedicated security team manages. This newfound appreciation for developers' roles in security has given rise to things like DevSecOps as well as open source projects like Oso.
Oso, which just announced today the general availability of Oso Cloud, offers an open source policy engine for authorization that represents security as code so developers can express security as a natural extension of their applications.
[...] Authorization is hard to get right, and while crucially important, it's not necessarily central to anyone's business. As such, authorization tends to be something that every company requires yet often goes about in ineffective ways. Arguably, it's time we stop thinking about authorization, or security in general, as an off-the-shelf product that someone can buy, and more about a new model or mindset that developers must apply.
[...] This brings us to authorization. Authorization has so far evaded becoming a third-party service offering, largely because no one has been able to make it generic enough to be broadly relevant while still being flexible enough to be useful. Oso thinks it has cracked that code.
Read more of this story at SoylentNews.