Introducing Clean Code in our products

Hello Gilbert,

Regarding your comment in the other thread, I understand you were not consulted about this change. We do regular user research and this was not an exception.

Also, keep in mind many product changes come from Sonar’s vision and not necessarily from user input. Think about analysis innovation: we invest a lot in finding things before you do.

As to the motivation for this change of classification, we published a blog post on the topic.

Regarding your point about everyone calling static analysis findings “bugs” or “vulnerabilities”, I think that’s fair.

At the same time, I feel that what we really mean is code issues that might negatively impact the runtime or security, respectively. Some of them might certainly do, and some of them may be in the future. Nevertheless, these are things we don’t want in the code.

After thinking about this for a long time, we think making this explicit makes sense. So we came up with a new way to classify issues.

Are you maybe implying that you personally see no value in this new classification? Or that you prefer the previous one? I’m happy to hear your views.