Description
3 Cultural Obstacles to Successful DevSecOps Implementation
When our goal is to change security culture, we must consider how to influence our developers while still caring for their needs. This article shares helpful insight into implementing successful security culture change within an organization.
Brenna Leath -- Product Security Leads: A different way of approaching Security Champions
Brenna Leath, head of product security at SAS, visited the Application Security Podcast to share her insight on security champions and how she approaches this role in her organization with product security leads. We hope you enjoy this conversation with...Brenna Leath.
How Go Mitigates Supply Chain Attacks
This post, from the Go blog, dives into how this coding language mitigates supply chain attacks.
GitHub can now auto-block commits containing API keys, auth tokens
It is vital to keep private information, such as API keys, passwords and authentication tokens, secure. GitHub recently released a new update that scans code for this sensitive information before committing the code to a repository.
If you're not using SSH certificates you're doing SSH wrong
If you use SSH without certificates, this story may make you uneasy. The author argues that we shouldn't be using SSH with anything other than certificates in the modern day.
“SBOM” should not exist! Long live the SBOM.
This article by Steve Springett, who is at the center of the software bill of materials universe, explains what an SBOM is and why it should exist.
In defense of simple architectures
As security professionals, we love simple because complex is hard...
Published 06/23/22
1. An Analysis of Open-source Automated Threat Modeling Tools and Their Extensibility from Security into Privacy
-https://www.usenix.org/publications/l...
We conducted our review of threat modeling tools in three main phases: Tool Discovery, Evaluation Criteria Selection, and Application of...
Published 05/26/22