Blog

A bug fix always beats a round of risk assessments

“Many organizations have an effective process for identifying problems, but no process for remediation,” said Matt Rose, the global director of application security strategy at Checkmarx. “Organizations do a lot of signing off on risk. Instead of saying ‘let’s remediate that’ they say ‘what’s the likelihood of this actually happening?’”   Sadly, the trend towards cloud-native, DevOps based development hasn’t reversed the this trend towards preferring risk assessment over problem remediation. The goal of any team that is embracing DevOps and implementing a system of continuous delivery is to eliminate as many manual processes as possible. A big part of that process is integrating software quality and static code analysis tools into the continuous integration server’s build process. But simply automating the process isn’t enough. “A lot of times people just automate and don’t actually remediate,” said Rose. Continue reading on The Server Side

About the Author

About the Author

Never miss an update. Subscribe today!

By submitting my information to Checkmarx, I hereby consent to the terms and conditions found in the Checkmarx Privacy Policy and to
the processing of my personal data as described therein. By clicking submit below, you consent to allow Checkmarx
to store and process the personal information submitted above to provide you the content requested.
Skip to content