OWASP has certainly pushed forward a lot of great advancements in Software Security Assurance, yet you’re still fighting your organization to allow you to scan applications before they go live. Somewhere between the avalanche of site breaches, new technologies, and new apps you’re going to need a better strategy. Let’s face it, if you want to keep playing the game with today’s rules, you’re going to need a bigger shovel …or you can simply choose to evolve your game. Combining a practical ‘workshop style exercise’ and a lecture style talk, this session covers and demonstrates some of the challenges of software security – and why you’re having all this trouble in your day job. This talk will cover why Software Security Assurance programs are still lagging in a majority of organizations, and provide a critical look at how a shift in strategy can help you fall behind a little slower.