What stance to take towards the security of your software environment, whose vulnerabilities will bite you anyway, and soon (no trust, please!).
We have lost the war for secure software and the hackers have won, because software contains vulnerabilities anyway: such is the current state of software production. The quality of developers won’t change soon. Hopefully, QA methodologies may change the landscape of AppSec someday. Until then, expect to be hacked, and detect and handle incidents. Also change your attitude towards AppSec. Security is not a technical feature; security is about trust. Trust is based on beliefs and preconceptions. There is no application security you can trust today. Let’s review our preconceptions.