Are security vulnerabilities an indicator of testing practices?

In our experience, the answer is yes. When changes to an application require a lot of manual testing, developers and product owners can be hesitant to make changes, especially when it comes to upgrading open source libraries.

Read the article on LinkedIn: “Are security vulnerabilities an indicator of development testing practices?”

What are orphaned code repositories and why should you care?

An orphaned code repository is one where no one still in your organisation has worked on the code, because everyone who did has left. This can happen over years as people come and go, often with the code “still working” but posing a knowledge challenge when something breaks or a vulnerability needs fixing. However, it’s also possible that the repository is an experiment or proof of concept that was never used and should be archived or deleted.

Read the article on LinkedIn: “What are orphaned repos and why should you care?”