When developers don't understand the full context of risk findings (or move too quickly to appreciate it), that is an AppSec call to action. From the dumps of data we collect from security tools, it's our job to pull out and prioritize the golden nuggets that provide maximum return on remediation time spent, and to frame them within contexts that are native to our dev friends' experience and environment. One of our mantras: "Visibility is a critical first step."
Looking Right to Shift Left
December 2, 2022