Unfortunately, moving left falls short of capturing the idea accurately or with any real level of inspiration. With the growing adoption of Agile and CI/CD, the world of development is no longer a straight line, but rather a continuous cycle, one in which there is no “left.”
This outdated metaphor has also proven to be an empty assertion. Vendors claiming to move left do not actually move the test, or the process of remediating the test results, any deeper into the developer’s world. Instead, they just move the button to launch a test closer to the developer. That resolves nothing and does nothing to enable the developer.
While I find “moving left” to be an annoying term, the concept grew out of the belief that identifying vulnerabilities late in the development process, often post-build, makes the job of finding and remediating vulnerabilities harder and more time-consuming. Asking a developer to go back to a previous build to remediate vulnerabilities is painful. It also affects the development cycle of the current build. As much as we have evolved, developers are still incented to deliver their code on time over and above producing secure code.