Application Security’s People Problem
451 Research Business Impact Brief
The world’s security infrastructure has a serious people problem, which is centered on the need to deliver more effective application security to a broader population of users. It’s a population that needs sophisticated protection without requiring extensive training or expertise in appsec minutiae. Buying more tools isn’t the answer; making better use of tools and data is. Application security tools are moving out into the organization, but there aren’t enough people who understand how to use them effectively.


  • MAKING MORE SECURE CODE — Appsec approaches that work with teams, rather than against them, reduce
    the chance of bypasses and shortcuts that increase risk.
  • SUBTLE TEAM TRANSFORMATION — Effective approaches allow developers to progress at their own pace,
    while providing a safety net of gates and mitigations.
  • MAKE THE MOST OF AVAILABLE TOOLS AND INTELLIGENCE — The development process and infrastructure
    throw off large amounts of data. It’s critical to put it to work effectively to guide teams and target mitigations.
  • GET TO MORE SECURE DEVELOPMENT FASTER — Automation integrates security perspectives into development
    processes earlier to build DevSecOps hardened pipelines. Building guardrails into tool chains gives developers
    freedom while constraining risk.