The thing I don't understand here... How can you write a multitenant app where protecting an EAV store is a critical feature and not have tests that validate that your security still works that run before every deploy?
If you live and breathe good software engineering practices, it's sometimes hard to realize that the actual practice in industry varies wildly. From shops where everything flows through the CI server to shops where whoever last pushed to production is the source of all user-visible bugs...
I have, within the last 6 months, dealt with a team that was reluctant to adopt version control and for whom 'push to production' meant firing up FileZilla. They are doing better now, but they authored and support several ecommerce apps that handle millions in orders every year.
So, yeah; I believe it.