Can good development practices make a bad app good? In this talk, we will examine the development practices utilized in more than 132k applications. Using rigorous, data-driven analysis, we measure how dynamic and static scanning, scan cadence and frequency, and software composition analysis affect application security. We will show that good practices can make the most security-debt riddled app safer.