Our vision is to make security a commodity. As part of that the biggest problem to tackle, besides making security accessible, is to make security relevant and actionable.
Security tools are designed to identify all patterns that may cause security issues, no matter how low the potential impact.
This provides a big hurdle for developers that are not experts in security, because they have to understand which issues are relevant and which issues aren't.
We at GuardRails spend a tremendous amount of time on tuning the rules, improving them and making sure the amount of false positives are continuously getting closer to 0.
GuardRails issues are security issues that have a high impact if exploited by attackers.
This means issues that cause the targeted application to stop working (Denial of Service), allow attackers to get full access to user data, or allow attackers to take over the application.
For that reason, GuardRails may be perceived as "quiet".
Our goal is to not bother people with security, unless it is absolutely necessary to take immediate action.