DevOps has not yet become DevSecOps, leaving DevOps insecure. What causes it? Traditional, “old” Sec does not fit DevOps! This presentation dispels DevSecOps myths, such as: shift-to-the-left, omnipotent automation and priority of culture. Then, it defines capabilities that application security should have, in order to make DevSecOps a reality. Further, it forecasts trends and estimates the pace of adoption.