Efficient maintenance of large, complex code bases presents substantial challenges to organizations in the face of an enormous quantity and variety of potential security vulnerabilities. New vulnerabilities are discovered frequently, increasing the analysis and effort required in addressing them. Once a potential security vulnerability is known, a code base may be analyzed to identify if the vulnerability is present therein, but additional action must be taken to address and remediate the vulnerability once identified.
When a code base is sufficiently large and responsibility for parts of the code base is distributed across multiple technical owner teams, manually identifying the appropriate responsible technical owner of an identified vulnerability becomes a challenging and time-consuming task. In some cases, the number of identified vulnerabilities over time exceeds the capability of the organization to accurately and promptly distribute the vulnerabilities to the responsible technical owners. As a result, a backlog of unassigned vulnerabilities is created, resulting in holes in the security of the code base that are not addressed in a timely manner. Secure maintenance of complex, distributed code bases requires a system of handling security vulnerabilities that can keep up with the rate of vulnerability discovery.
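The routing problem described above, as an added example that is not part of the original text: findings are matched to owner teams by file path using a CODEOWNERS-style ownership map (the rules, team names, finding identifiers and paths below are constructed for illustration), and any finding whose path matches no rule is surfaced explicitly as the unassigned backlog rather than silently dropped.

```python
"""Route security findings to technical owner teams via a CODEOWNERS-style map.

Added example; the ownership rules and findings are constructed, not taken
from any real repository.
"""
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Dict, List, Tuple

# Constructed ownership rules in CODEOWNERS syntax (hypothetical team names).
# As in GitHub's CODEOWNERS, the LAST matching rule for a path wins.
CODEOWNERS_TEXT = """
# pattern            owner(s)
/src/auth/           @identity-team
/src/payments/       @payments-team @security-champions
*.tf                 @cloud-infra-team
"""


@dataclass(frozen=True)
class Finding:
    finding_id: str
    path: str      # repository-relative path where the vulnerability was found
    title: str


Rule = Tuple[str, List[str]]


def parse_codeowners(text: str) -> List[Rule]:
    """Parse 'pattern owner...' lines, skipping blanks and comments."""
    rules: List[Rule] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        pattern, *owners = line.split()
        rules.append((pattern, owners))
    return rules


def pattern_matches(pattern: str, path: str) -> bool:
    """Subset of CODEOWNERS semantics sufficient for routing:
    - '/dir/'  matches every file under that directory (anchored at repo root)
    - '/file'  matches that exact path, with glob characters allowed
    - unanchored patterns such as '*.tf' match the file name or the full path
    """
    path = path.lstrip("/")
    if pattern.startswith("/"):
        anchored = pattern.lstrip("/")
        if anchored.endswith("/"):
            return path.startswith(anchored)
        return fnmatchcase(path, anchored)
    basename = path.rsplit("/", 1)[-1]
    return fnmatchcase(basename, pattern) or fnmatchcase(path, pattern)


def owners_for_path(rules: List[Rule], path: str) -> List[str]:
    """Return the owners of the last rule matching `path` (empty if none)."""
    matched: List[str] = []
    for pattern, owners in rules:
        if pattern_matches(pattern, path):
            matched = owners
    return matched


def route_findings(
    rules: List[Rule], findings: List[Finding]
) -> Tuple[Dict[str, List[Finding]], List[Finding]]:
    """Build one queue per owner team plus an explicit unassigned backlog."""
    queues: Dict[str, List[Finding]] = {}
    unassigned: List[Finding] = []
    for finding in findings:
        owners = owners_for_path(rules, finding.path)
        if not owners:
            unassigned.append(finding)   # the backlog the text warns about
            continue
        for owner in owners:
            queues.setdefault(owner, []).append(finding)
    return queues, unassigned


RULES = parse_codeowners(CODEOWNERS_TEXT)

# Constructed sample findings (hypothetical identifiers and paths).
SAMPLE_FINDINGS = [
    Finding("F-1", "src/auth/session.py", "Session token not rotated on login"),
    Finding("F-2", "src/payments/refund.go", "Missing authorization check"),
    Finding("F-3", "infra/network/vpc.tf", "Security group open to 0.0.0.0/0"),
    Finding("F-4", "src/reports/export.py", "Path traversal in export"),
]

if __name__ == "__main__":
    queues, backlog = route_findings(RULES, SAMPLE_FINDINGS)
    for owner, items in sorted(queues.items()):
        print(owner, [f.finding_id for f in items])
    print("UNASSIGNED", [f.finding_id for f in backlog])
```

The unassigned list is the signal to act on: a non-empty backlog means the ownership map has a gap (here `src/reports/`), and the fix is to add a rule for that path, not to hold the finding indefinitely.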