Open securestep9 opened 8 years ago
Here is the story:

"Basically the appsec team was doing static analysis of some big app and they found lots of hardcoded passwords in the source code. The developers were very angry and unhappy about this finding, because this meant their app could not go live in time and they all lost their bonuses. So the developers said: 'You AppSec guys are always causing us problems. We hate your guts. So for our next release we are going to rename all the password variables inside our code to "refrigerator" so your stupid SAST tool could no longer find them and flag this as a vulnerability.'"
Need to talk about why developers avoid appsec people
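The technical lesson in the story is that a hardcoded-secret rule keyed only on variable names is trivially defeated by a rename, while a rule keyed on the assigned value (a long, high-entropy string literal) still fires. The script below is an added illustration, not code from this issue or from any particular SAST product; the sample source lines, the name regex and the length/entropy thresholds are all constructed for the example.

```python
import math
import re

# Constructed sample source lines (not from the issue). Line 2 is the renamed
# variable from the story; the literal is a made-up credential.
SAMPLE_SOURCE = [
    'db_password = "Tr0ub4dor&3-x9Q!"',
    'refrigerator = "Tr0ub4dor&3-x9Q!"',
    'timeout_seconds = 30',
    'greeting = "hello world"',
    'api_key = os.environ["API_KEY"]',
]

# Assumed name-based rule: flags assignments whose variable name looks secret-ish.
NAME_PATTERN = re.compile(r"(passw(or)?d|secret|api_?key|token)", re.IGNORECASE)

# Matches `name = "literal"` or `name = 'literal'` on a single line.
ASSIGNMENT = re.compile(
    r"""^\s*(?P<name>[A-Za-z_]\w*)\s*=\s*(?P<q>["'])(?P<value>.*?)(?P=q)\s*$"""
)


def shannon_entropy(s):
    """Bits of entropy per character of the string s."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def name_based_findings(lines):
    """The brittle rule: only the variable name is inspected."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = ASSIGNMENT.match(line)
        if m and NAME_PATTERN.search(m.group("name")):
            findings.append((lineno, m.group("name")))
    return findings


def value_based_findings(lines, min_len=12, min_entropy=3.5):
    """The sturdier rule: any string literal that is long and high-entropy
    is flagged regardless of what the variable is called. Thresholds are
    assumed values chosen for this example, not vendor defaults."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = ASSIGNMENT.match(line)
        if not m:
            continue
        value = m.group("value")
        if len(value) >= min_len and shannon_entropy(value) >= min_entropy:
            findings.append((lineno, m.group("name")))
    return findings


if __name__ == "__main__":
    print("name-based :", name_based_findings(SAMPLE_SOURCE))
    print("value-based:", value_based_findings(SAMPLE_SOURCE))
```

Run as written, the name-based rule reports only line 1 (`db_password`) and misses the renamed `refrigerator` on line 2, while the value-based rule reports both and still ignores the short, low-entropy `"hello world"` and the environment lookup on line 5. In practice a scanner combines both signals, but the value-based check is the one that survives the developers' rename.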