In my experience the reason stems from the fact that the interaction with security typically manifests itself in the form of an inquisition/audit where a series of 'what ifs' and increasingly implausible corner cases (without solutions, time or budget) get dropped in the engineers' lap to 'make work'.

Security leaves the meeting with mission accomplished; engineers leave the meeting with a pile of new work and less time to do it.
In my opinion security, devops and all other teams have a common goal: namely, to help the company create a sellable product. Being insecure and undeployable are both fatal flaws working against this goal.

Sadly, like any specialized department, security tends to lose this perspective and pursue its own goals, e.g. emulating external auditors instead of teaching the rest how to work with them efficiently, or enforcing whatever the new shiny security standard is, without consideration of fit and impact.

Of course the same problem can happen when devops install k8s to support two instances of blogs, or developers incorporate DDD into the creation of simple CRUDs.

My company is currently working as a vendor for customers in a highly regulated area. The customers have their own IT; however, they are unable to do anything meaningful in a reasonable time because of completely over-the-top constraints put on the developers (definitely bigger than required by regulators and not well thought out).

What's funny is that the more customers are happy with our work, the more their security pushes us to adopt their own standards. Then our security tends to support them because they are clearly "superior" to us (namely more tight).

A clear case of ceasing to cooperate and focusing on one's own area.
As a programmer I always disliked DevOps because it expected engineers to write yaml instead of code. Well, because code is too expressive for configuration, I hear you say with reproach. Then why is there this bash script that changes the config files of the staging environment and pushes the changes to the production git repo from where it is deployed to kubernetes?