Application security has two challenges: Keeping pace with the evolution and sophistication of attacks, and keeping pace with the speed of modern application development…DevOps. Since most breaches start with the application, we cannot ignore the requirement of implementing security controls. But we also need to address the issue of security being too late in the process to be effective.