Application Security for Infrastructure Security Management
by Guardium, an IBM Company
For many of those responsible for enterprise information security practices, there is often a traditional yet amorphous boundary preventing full engagement in application security. It’s a disconnect that not only inhibits security pros from influencing the application development process but also makes it difficult for application security vulnerabilities to be identified and addressed promptly.
One of the interesting conundrums presented by this disconnect is that the infosec team is often responsible for assessing and triaging all vulnerabilities, regardless of origin. Yet without the authority or means to correct application-layer vulnerabilities, root cause remedia...