by technion
3966 days ago
I feel a huge part of this is "culture". If a junior developer logs an issue stating "I'm concerned that this function could lead to SQL injection", what is the reaction? In most companies I've seen, the answer is a senior developer saying either "show me an exploit or accept that you're wrong". If the attitude was instead to say "I disagree about exploitability, but the fact there's a question there is a code smell regardless so send a PR", a lot of vulnerabilities would go away.