Great piece from SearchSecurity:
The application security challenge has become so difficult to address through development, Krikken said, that he instead encouraged enterprises to consider an alternative strategy that relies less on developers and more on integrating defensive technologies – like Web app firewalls (WAFs), database audit and protection (DAP) products and XML gateways – into the enterprise application architecture. He said externalized components such as WAFs should be used in concert with code frameworks and platform features to fill in security functions.
Glad to see Gartner coming around this. We've long argued that WAF and SDLCs are natural partners.