User Activity
About 2 months ago
Answered a question What is the biggest difference between Checkmarx and SonarQube?
I’ve always viewed SonarQube as a code quality tool that complements many code security tools like Checkmarx.
About 2 months ago
Answered a question SAST vs. DAST: Which is better for application security testing?
It’s a false choice of a question, but DAST exists because folks don’t trust their SAST tool. DAST is good about true positives but bad about false negatives. SAST just has a reputation for false positives, but a new generation of SAST tools does a much better job.
About 2 months ago
Answered a question Is SonarQube the best tool for static analysis?
If you stop at ‘static analysis’ and leave off the Security Testing part. I don’t even view this tool as a security tool; it’s much more about code quality.
3 months ago
Answered a question When evaluating Application Security, what aspect do you think is the most important to look for?
Application Security solutions need to work for developers and facilitate their interaction with AppSec, including things like training/education. They need to be fast enough to run on the main CI/CD pipeline, and they need to be trustworthy.
About me
I know a thing or two because I’ve seen a thing or two