Monday, October 29, 2018

Is it time to move away from "AppSec" to "Software Security"?


If you agree that the following statements are true:

  1. Software is the umbrella for anything written in code; an application is a component of software and just as vulnerable.
  2. Applications allow a user to perform a task or activity while software executes that task or activity.
  3. Application security came about as initial security testing focused on testing a running application, much like quality assurance testing, and ignored the back-end software components.
  4. If something is written in a coding language, then it needs to be tested to ensure it is secure. All software is written in a coding language.
  5. Software is the ecosystem of technology while applications are the entry point into that ecosystem.


These four priorities are a good place to start:

  1. Organizations need to move beyond the barriers and limitations of traditional gated security approaches and move to a new era of full visibility and control over their software exposure at any stage of the development life cycle.
  2. Proper and consistent training should be funded and provided across entire organizations.
  3. Remediation efforts need to be made into actionable insights that address vulnerabilities within the entire SDLC.
  4. Everyone that touches software and participates in the security of it needs to be forward thinking, forgetting the typical nuances of the past.
https://www.darkreading.com/attacks-breaches/appsec-is-dead-but-software-security-is-alive-and-well/a/d-id/1333096