Can we hope to change software security when our software and security continue to operate independantly?
Useful standard practice for shifting left or more work that reward - you decide
