The Future of Secure Programming

Recently, cybersecurity and Application Security (AppSec) have become two of the most publicized topics in news reports — and for good reason. Since 2013, hackers have breached 3 billion Yahoo and 500 million Marriott user accounts and stolen the sensitive information of 21.5 million security clearance applicants from the US Office of Personnel Management (OPM). These astronomical numbers do not include the disclosure of credit card and other financial information of hundreds of millions of shoppers at Home Depot, eBay, and Target.

Astonishingly, most of these compromises could have been prevented with simple preemptive measures. As with most software defects, the cost of removal grows exponentially the longer a defect persists after implementation. In practice, many of the security defects that lead to compromises originate during implementation, which means that developers are in a precarious situation: they have the power to stop security defects — which can lead to compromises — at the source. Failure to do so leaves developers responsible for substantial damage to businesses and their customer