User Activity

About 2 months ago
I’ve always viewed SonarQube as a code quality tool that complements many code security tools like a Checkmarx.
About 2 months ago
It’s a false choice of a question but DAST exists because folks don’t trust their SAST tool. DAST is good about true positives but bad about false negatives. SAST just has a reputation for false positives but a new generation of SAST tools do a much better job.
About 2 months ago
If you stop at ‘static analysis’ and leave off the Security Testing part. I don’t even view this tool as a security tool, it’s much more about code quality.
3 months ago
Application Security solutions need to work for developers and facilitate their interaction with AppSec including things like training/education. It needs to be fast enough to work on the main CI/CD pipeline and it needs to be trustworthy.

About me

I know a thing or two because I’ve seen a thing or two

Interesting Projects and Accomplishments