New research into application security practices at over 75 companies will be discussed, covering software security strategies and tactics as they are practiced “in the wild.” Statistics will be balanced with “war stories” from the field to illustrate foundational principles of starting and sustaining programs, as well as “what not to do” gotchas that can kill an initiative in its tracks.