Our client, whose software is used in highly regulated industries, lacked the ability to evaluate its source code for vulnerabilities. Two large applications with different secure software development requirements needed evaluation. In each case we needed to identify and support remediation of vulnerabilities prior to release. Application 1 included 1.7 million lines of code of C#, .NET, 45k lines of VB and required daily reviews. Application 2 had more than two million lines of code. Each application needed to be reviewed three times per year.