What to do with "Mass Assignment: Insecure Binder Configuration"?
Heated discussions at my client around this relatively new (well, since 2015.1) rule: "Mass Assignment: Insecure Binder Configuration".
After reading the explanation and resolution advice, most people's response is: "Yes, sure, but our implementation is not so naive. We only have backing objects that only contain the fields that need to be exposed." Even the advice for fixing is a bit misleading and gives a false sense of security (another place you need to update when adding fields).
So we have most teams mark these as false positives.
What do you do with them?