The concept of "Security Advocacy" highlights a crucial point: security is not inherently part of development processes and requires promotion to achieve completeness. This suggests the existence of two distinct groups, the 'committed,' who are dedicated to security, and the 'others,' who do not share the same level of motivation. The expectation here is that both eventually converge, though such convergence is not a certainty.

This talk promotes the concept of distributed advocacy, wherein security advocates and developers are part of a unified community. Here, every member is a champion of the cause. According to this framework, security requirements and compliance are foundational aspects of the system's core functional specifications and are incorporated into the final products. By blending the roles of advocates and developers, this approach fosters ongoing collaboration and encourages all participants to be more actively involved.