You have written tests for your code and now feel safe because your code is tested. But test quality is really hard to measure. The idea seems to be to introduce “vulnerabilities” (whatever that means…) and see if your tests catch them. If they do that’s supposed to show that the tests are good and vice versa.
Covetous demon inspiration finally revealed