Catching vulnerabilities early in the DevSecOps cycle is often seen as beneficial, but this approach may not suit Dynamic Application Security Testing (DAST) in contemporary settings. The focus should be on reducing risk with limited resources, weighing factors such as exposure time and severity rather than relying solely on traditional scoring systems like CVSS. Many vulnerabilities, especially those originating in open-source code, third-party vendors, or new attack methods, cannot be fully prevented from reaching production.

Staging environments often differ significantly from production and may not reveal issues tied to configurations, certificates, or dynamically loaded scripts, so a production environment free of vulnerabilities is hard to achieve. Dynamic testing in staging can also be impractical because of time constraints and those configuration differences, which leads to the recommendation to test directly in production. Emphasizing resolution time and employing External Attack Surface Management (EASM) lets organizations continuously identify and address high-risk vulnerabilities in production, in line with modern development priorities.