Dinis Cruz

The idea is to make development easier, when in Learning and PoC modes, but when running in production, the Framework should lock things down and only allow 'secure defaults' Ideally...

Which is something that is also needed in other domains: Testing, DevOps, Performance Key is to share knowledge and promote best practices

https://twitter.com/m1splacedsoul/status/782342377360986112 https://twitter.com/m1splacedsoul/status/782340212282257409

Great for API development and for legacy browser support

With caveat that the point is to gain speed

Just like AppSec , these issues represent 'reality' where the backlog represents 'wishes, ideas and stuff to-do'

Where we need to open an RISK ticket saying "This app/feature has not done a Threat Model and considered its security implications" as michael mentions here  in http://www.slideshare.net/DinisCruz/making-threat-modeling-so-easy

https://blog.komand.com/microservices-please-dont https://twitter.com/dhh/status/776549776846262272

See [Legacy Code](https://github.com/DinisCruz/Book_Software_Quality/blob/master/content/8.Software-development/11.Legacy-code.md) chapter Specially this part: