There are two things to consider in spreading application security across an entire organization: dealing with the enormous backlog of vulnerable Web code from eras before and then integrating secure coding into your current development pace to fortify the next codebase for tomorrow. Two strategies for addressing past and present software security need to be highlighted as breaches continue.