
DEVSECOPS Talks #53 - Open Software Supply Chain Attack Reference Framework with Neatsun
The DevSecOps Talks Podcast
00:00
The Importance of Culture in Development
It depends on the culture of development within the organization. If a developer sees security as part of his job, something to be integrated with, then that's the ideal place you would want to be in. In complex environments where there are a lot of integration of an event, they may not necessarily know which code is touching and it will put more responsibility on the security team. There is nothing that works for everybody. I find that just by reading the code of the library or the thing, I realized it's not that much code. And probably 80% of what it does is not for me. So yeah, I would say reading the code is the only way I know of judging a project.