Application security is undergoing a shift to the left in the system development lifecycle, moving backward through the testing box and into the code creation box. This necessary change has crawled forward for years, but has finally passed a tipping point.