Protocol 4.6 · Testing · SENTINEL · AI-DEGRADED

Security Analysis

Checks for multiple security layers: SAST (CodeQL, Semgrep, etc.), dependency scanning (Dependabot, Snyk), and secret scanning. When quantitative alert data is available, surfaces tool names, severity breakdown, and remediation rates.

Defense in depth — no single security tool catches everything. Multiple layers cover code, dependencies, and secrets.

4 publicly-documented incidents in the Index where this protocol failed
Velocity Governance · Sentinel-10 Protocol

Protocol 4.6 is one of the 10 engineering practices Concordance flags as most degraded under AI-accelerated development. That 4 publicly-documented incidents in this Index already failed it — before AI was the dominant velocity driver — is exactly the pattern the Velocity Governance thesis predicts will accelerate. Read the thesis →

Incidents that failed this protocol

Progress Software (MOVEit) · May 2023 · civilizational
CVE-2023-34362 SQL injection in MOVEit Transfer leads to mass data theft
SAST did not detect the SQL injection vulnerability before release despite it being a pre-auth flaw in a file-transfer application.
SolarWinds · Dec 2020 · civilizational
SUNBURST malware injected into Orion build pipeline compromises 18,000 organisations
Security analysis of build outputs did not include behavioural diffing that would have detected the new outbound network behaviour introduced by SUNBURST.
Apache Software Foundation (Log4j) · Dec 2021 · civilizational
CVE-2021-44228 — JNDI injection in Log4j enables remote code execution
Security analysis did not flag the JNDI-injection pattern despite it being a recognised dangerous-substitution class.
OpenSSL Project · Apr 2014 · civilizational
CVE-2014-0160 — Heartbleed buffer over-read in OpenSSL TLS heartbeat
Security analysis: SAST tools at the time could detect bounds-check omissions in C; Heartbleed-class issues were known patterns. Security review did not catch this in the heartbeat patch.
See where your repo scores against Protocol 4.6 — and the other 49 — in 60 seconds.