Mission accomplished – your firm is receiving top marks for its forward-thinking software security program, with SDL adoption from Hong Kong to Mountain View, code review teams, fuzzing teams, developer training, stack protection, WAFs, and IPs. You have it all: no line of code left unscrutinized; no input left to chance; attack surface reduced by 78% and counting.

But before you retire to the pub, there’s just one more question to ask: what happens to all of that beautiful security work if your …