While performing software security assessments I have all too often run into developers that are constantly trying to explain away vulnerability findings. They spend way too much time trying to justify the code they have written and explain why it doesn’t need to be changed. All kinds of reasons are given. For example, the access […]