This blog is focused on a positive approach to securing software applications. In short, we value security architecture, standard controls, verification, whitelists, and assurance over hacking, scanning, attacking, vulnerability management, blacklists, and risk. We have found that the positive approach is simpler and dramatically more cost-effective.