There is no question that staying ahead of the trends in application security technology is beneficial and can even help prioritize upgrades or consolidations in a bloated tech stack. But to forgo targeting the root cause of vulnerable software – we mere humans – is going to keep us on the losing side of the cybersecurity battlefront. If we want to get serious about decreasing the number of code-level security vulnerabilities, then developers need to be given the foundations to succeed in sharing responsibility for security.
They need relevant, hands-on education and on-the-job upskilling, and functional tooling that doesn’t disrupt their workflow, or make security a chore to develop. Ideally, some tools would be developer-centric, built with their user experience front-of-mind...