Successful attacks on applications continue to prove the ubiquity of software vulnerabilities, and now that applications are releasing faster than ever, the problem will grow much worse if not curtailed. Application security pros must adapt the way they perform prerelease and production application security to increase security in the new model of Agile development and DevOps. Our application security maturity assessment is a prescriptive framework to evaluate maturity level, identify gaps, prioritize improvements, and demonstrate progress.