Mornings With Mark

Is application security (AppSec) dead? Did it every really work? I would argue that it didn't and hasn't. Case in point: the OWASP Top 10 web application vulnerabilities hasn't significantly changed in the past decade. That's a problem. What's the solution? References: thread from Eric Hammond on security in tutorials, https://twitter.com/esh/status/1156359661878050816 OWASP, https://www.owasp.org/index.php/Main_Page