Have you ever worked on a legacy project with lots of source code but no tests? With no build pipelines? With no code analysis and no security checks? Projects like these are still more common than we like to think. You may even be a developer stuck in such a project, even though you have tried to raise these issues. Were you told that it is gold-plating or simply too much work to fix? I will share my experiences from such projects, both from the perspective of a tech lead and as a software reviewer (i.e., doing software auditing). But most importantly, I want to help you with arguments to convince others why these things matter.