Typically, IT and business management have no visibility into the overall state of application security. Activities for assessing, prioritizing and remediating application vulnerabilities are ad hoc, fragmented, and carried out at low levels in the IT security organization.
