Nowadays most mature companies doing software development are using various scanners (SCA, SAST, and so on) to keep a finger on the pulse in terms of security.
However, at big scale and with dynamically changing conditions, it's hard to get rid of all detected vulns, even if you are focusing on the most critical ones.
What is your experience?
Did you and your teams manage to reach perfection, with the counter always down to almost zero?
How did pipelines and automation support you in this journey?
Is a zero tolerance policy the only effective way?
Please share your thoughts.
submitted by /u/Fancy-Breadfruit-786
from Software Development – methodologies, techniques, and tools. Covering Agile, RUP, Waterfall + more! https://ift.tt/oRdL7nX