Why the shift left dream has become a nightmare for security and developers
February 20, 2026 09:45 AM
Written by Ivan Milenkovic, Vice President Risk Technology EMEA, Qualys
• For the better part of the last decade, we have engaged in a comfortable fiction around security and development.
• If we could only “shift left” and get developers to take a modicum more responsibility for security alongside their coding, testing and infrastructure deployment, the digital world would become a safer, faster and cheaper place.
• Instead, the fundamental conflict between speed and security has got worse.
• Developers are under crushing pressure.
• The classic triangle of project management - Fast, Good, Cheap; pick two - has been smashed to pieces.
• Businesses demand fast, good, cheap and secure.
Article Summaries:
- Ivan Milenkovic of Qualys argues that the long‑promised “shift‑left” security model has backfired. Developers, already pressured to deliver fast, good, cheap, are forced to juggle security scans that slow pipelines, turning security into a productivity barrier. As a result, organizations rely on public container registries - assumed safe by default - yet Qualys’ research of 34,000 images found 7.3% were malicious, 70% of those contained cryptomining code, and 42% exposed secrets such as AWS keys. The article highlights the need for integrated cloud‑native protection platforms (CNAPP) and cites Forrester’s 2026 Wave as a benchmark for leaders in the space.