That is a good point to make. If the development data can lead to exfiltration of higher privacy data then I would define it as "more sensitive" and take that into consideration, this particularly applies to config information required for authentication. I understand your perspective however, it is important to take lateral movement into account.
No comments yet.