A lot of basic stuff can be automated, but that only goes so far. Security engineering is becoming its own distinct and highly specialized discipline, and the supply is probably always going to be limited.
I think a better answer is for companies to take security more seriously from the beginning. This means being willing to invest in developer training and in-house infosec. The expense of outside expertise should be ample reason to bring that inside.
I think a better answer is for companies to take security more seriously from the beginning. This means being willing to invest in developer training and in-house infosec. The expense of outside expertise should be ample reason to bring that inside.