Automated analysis tools excel at finding certain types of vulnerabilities, but humans continue to be necessary to evaluate the severity of such flaws. Two-thirds of penetration testing engagements involve testing either web applications or web-based application programming interfaces (APIs) Only half of security operations centers typically have visibility into DevOps activities, and only a third of penetration tests results are shared between DevOps teams and security teams, according to Fortinet’s “2019 State of DevOps Security Report” Only 58% of development teams thought that they had caught the majority of vulnerabilities before their code went into production.”]