Would also add "time" as a reason why AppSec is hard. Devs are given X time to dev/test their work and then check-in. Writing code securely will initially take additional time and Product Management often isn't always willing to allow that extra time.
Would also add "time" as a reason why AppSec is hard. Devs are given X time to dev/test their work and then check-in. Writing code securely will initially take additional time and Product Management often isn't always willing to allow that extra time.
I agree, absolutely!