What is a great way to stop getting invited to the engineering holiday party? Block an application release or hold up a build due to a found vulnerability. Historically, application security has been the team that comes in at the end of a productive coding release to show various issues with the code, deployment, libraries used, and other ways of showing how the software is not ready for prime time. This gated approach is something that has been pushed for by security for various reasons. The prime one being that the security organization is tasked with identifying, helping to reduce, and measuring the risk of the organization. In this capacity, the security team obviously wants to ensure that there are no vulnerabilities that put the organization at risk going out to production. A better approach is to create an ecosystem of security that enables the development teams to access security services along the path to production.