Software Security: What are we missing??

We certainly haven't solved software security yet as an industry, have we? So... what exactly is missing?

In other words:

• Which tools/processes need to improve? Where is there lots of manual effort, false positives, frustration, burnout, etc. ?
• What are your specific pain points? Which pain points are felt across the entire industry?
• What has helped you be successful when building an AppSec program?
• What tools/processes are must-haves? What ones are nice-to-haves?
• If you could fundamentally change an existing approach/process/tool, what would it be and why?
• Pretend there’s no technology limits. If you could start any type of application security company, what would it be?

This is not a presentation, but rather a topic-focused discussion where we'll address these questions and more. Come and bring your opinions, or just listen and learn. It's always a great chat with great people!