The Relationship Between Security and Developers

Security teams used to work on apentest, or have some outsorce pentess company and provide a 300 page report of all the bugs to fix. But that doesn't work any more in terms of preventing applications from going out. So i think it's changed from being able to honestly go back to data, right? So self service data can you give engineers, instead of just noisy,. Like most engineers just didn't have access to security products before, or the data from them, so they just had no idea.