[nibbleshifter]

Its cheap if you build it in from the ground up, and a well thought out security program shouldn't impact development velocity at all.

Retrofitting security later tends to be painful, expensive, and cause conflict.

In software companies security teams should enable the developers as opposed to being a hinderance.

Secure code is code that tends to be better written, better documented, more performant, and pass tests. All of which are good things.

I'm always amazed at how many YC/VC backed software startups seem to have no place in their team or board for security, which makes it a massive cost center later on when they try retrofit it.