Application security engineers are hard to hire. Learn how to shift the responsibility to developers to scale software security.
The vast majority of application security teams are under resourced, if resourced at all. Application security (AppSec) teams should scale with development teams, but this rarely happens. So, given this disadvantage, how can you make your applications safe and be effective with application security?
The only way application security scales given limited resources is shifting responsibility back to the developers. Developers should ultimately own the responsibility anyway even given infinite resources—it is their code that they wrote and they should ensure there are no vulnerabilities in the same way they would with other bugs. Even with no resources, shift responsibility to developers as soon as possible even while waiting for that impossible-to-find application security engineer. The longer you wait the harder it will be to get your head above water.