Organizations that develop applications in-house have a decision to make: you can wait until someone exploits a vulnerability in your system and then fix it, or you can proactively build security into your development process early on, mitigating vulnerabilities before attackers find them. A proactive application security program should extend to every relevant phase of the application life cycle, from conception to operation. Program success hinges on commitment and support from executive management. Security personnel need to work with application owners and business stakeholders to prioritize resources and to ensure proper measures are implemented throughout the life cycle.