With all the threats lurking out in the wild, application security remains a top-of-mind subject. In spite of these concerns, the number of security breaches continues to rise, along with the number of compromised accounts containing user data. Why is this happening even with all the emphasis on better security? The simple answer is that it’s not easy! The challenge is improving security without disrupting your existing CI pipeline or slowing down your delivery velocity. Reducing vulnerabilities in your applications takes dedication, persistence and an effective game plan.
There are endless articles on this subject, so how is this conversation different, and why are we talking to you about this now? We simply think that the development community has matured and we’ve reached an important milestone in how to approach the problem. At SonarSource, we advocate a pragmatic approach involving Security Hotspot detection. Hotspots are security-sensitive pieces of code through which a vulnerability can flow: the code is not a vulnerability in itself, but it becomes one if it is used in the wrong place or for the wrong purpose. That is why they require assessment by someone wearing a security hat, who looks at the context and decides whether a given Hotspot is a true vulnerability or is safe as written.
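To make the Hotspot versus vulnerability distinction concrete, here is an added example (our illustration for this article, not code from any project or from the SonarSource tooling itself) in Python. It assumes a Hotspot rule that flags every use of the `random` module, a non-cryptographic pseudorandom generator; the function names and the "featured items" and password-reset scenarios are invented for the illustration. The same flagged API appears twice: once in a cosmetic shuffle, where the reviewer closes the Hotspot as safe, and once in a password-reset token, where the reviewer confirms a real vulnerability and the fix is to switch to the `secrets` module.

```python
"""Added example: two Security Hotspots that use the same API, only one of which
is a true vulnerability. Not code from the article or from SonarSource."""
import random
import secrets


def shuffle_featured_items(items: list[str]) -> list[str]:
    """Hotspot 1 (assumed rule: use of the `random` module is flagged).

    A reviewer marks this one as safe: the order in which a storefront shows
    its featured items has no security consequence, so predictability of the
    PRNG does not matter here.
    """
    shuffled = list(items)
    random.shuffle(shuffled)  # flagged line, assessed as safe in context
    return shuffled


def reset_token_vulnerable(nbytes: int = 32) -> str:
    """Hotspot 2, same API, different context.

    Here the PRNG output is the password-reset token itself. Mersenne Twister
    output is a deterministic function of its internal state, which an attacker
    can recover from enough observed outputs, so the reviewer confirms this
    Hotspot as a real vulnerability.
    """
    return "".join(f"{random.getrandbits(8):02x}" for _ in range(nbytes))


def reset_token_fixed(nbytes: int = 32) -> str:
    """Fix for Hotspot 2: draw the token from the OS CSPRNG via `secrets`."""
    return secrets.token_hex(nbytes)


def token_is_reproducible(make_token, seed: int = 1234) -> bool:
    """Reviewer's sanity check: if re-seeding the module PRNG reproduces the
    token, the token is a function of recoverable state and must not be used
    as a security credential.

    `random.seed` affects only the `random` module, so a token drawn from
    `secrets` (backed by os.urandom) is not reproduced.
    """
    random.seed(seed)
    first = make_token()
    random.seed(seed)
    second = make_token()
    return first == second


if __name__ == "__main__":
    # Constructed sample input for the cosmetic shuffle.
    print(shuffle_featured_items(["hoodie", "mug", "sticker pack"]))
    print("random-based token reproducible:", token_is_reproducible(reset_token_vulnerable))
    print("secrets-based token reproducible:", token_is_reproducible(reset_token_fixed))
```

The point of the pair is that a scanner cannot tell these two call sites apart by the API alone; only the surrounding context (what the random value is used for) decides whether the Hotspot is a finding to fix or one to close as reviewed.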