PERFORMANCE ISSUES AND SECURITY SCORECARD
Performance criteria are set so that employees can be differentiated more fairly. For software developers, these criteria include the ability to develop code that does not contain weaknesses. However, it is not always easy to assess these criteria fairly.
Unless software developers are held accountable only for vulnerabilities in the code they themselves develop, unfair scores are likely. It is therefore very important to build a system that integrates with the code repositories and can determine which code belongs to whom. Within these criteria, it is absolutely necessary to score according to security awareness, the time taken to close findings, and the number of lines written. Because no such detailed scoring system exists at this time, it may be more accurate to give the software development team a performance rating based on project-level scoring.
Developer-level scoring will soon be available in applications developed using the AttackFlow plugin. As developers close findings, their security awareness will increase, and AttackFlow will notice this and raise the awareness score of those who do not introduce a weakness for a long time. This process can be followed through the AttackFlow Portal. Development managers will be able to act more fairly when giving security performance ratings.