The notion of shifting left has been a best practice by application security practitioners, devOps engineers, and application security tool vendors for a long time. Shift Left is a term used to reflect the practice of identifying weaknesses and vulnerabilities as quickly as possible, while minimizing development friction. The advantage to identifying issues early on, results in better security, agility, and cost efficiencies.

Q: Is it possible for a commercial enterprise to implement an application security program with only opensource tools?

Originally, I authored this article for the Veracode Community Website.