Shift-left doesn't start with scanning the code for security vulnerabilities; it begins with designing for security. Too often, the shift-left mantra consists of implementing (AI-powered) code scanning and applying AI-powered security fixes for remediation. Also, don't forget to implement the AI-powered benchmark for AI-powered Security Fixes.

Now, to be clear, I am not actually telling you to stop using these tools — if they work for you — instead, we should ask ourselves: What are we working on? What can go wrong? What are we going to do about it? Did we do a good job?

OWASP Cornucopia v3.0

In order to support that second question in particular, we have released the next version of OWASP Cornucopia v3.0. If you would like to buy a professional physical copy of v3.0, you can do so at CyberSec Games.…