Stop me if you heard this before, but security is everyone’s problem. We’ve all heard this many times, but what does it really mean? In my experience, the ability to scale an application security team to meet the need of a large organization is difficult, if not impossible. Many of the organizations that I have worked with have had hundreds or even thousands of developers. In these organizations, even what I would consider a large application security team was no match for the sheer volume of work in the organization. This means that organizations must find other, more creative ways to bring security to the overall development of software.