Implementation of DevSecOps, Product Security Leads, Go Mitigations, and more
Description
3 Cultural Obstacles to Successful DevSecOps Implementation
When our goal is to change security culture, we must consider how to influence our developers while still caring for their needs. This article shares helpful insight into implementing successful security culture change within an organization.

Brenna Leath -- Product Security Leads: A different way of approaching Security Champions
Brenna Leath, head of product security at SAS, visited the Application Security Podcast to share her insight on security champions and how she approaches this role in her organization with product security leads. We hope you enjoy this conversation with... Brenna Leath.

How Go Mitigates Supply Chain Attacks
This post, from the Go blog, dives into how the language mitigates supply chain attacks.

GitHub can now auto-block commits containing API keys, auth tokens
It is vital to keep private information, such as API keys, passwords and authentication tokens, secure. GitHub recently released a new update that scans code for this sensitive information before committing the code to a repository.

If you're not using SSH certificates you're doing SSH wrong
If you use SSH without certificates, this story may make you uneasy. The author argues that we shouldn't be using SSH with anything other than certificates in the modern day.
More Episodes
“SBOM” should not exist! Long live the SBOM. This article by Steve Springett, who is at the center of the software bill of materials universe, explains what an SBOM is and why they should exist. In defense of simple architectures As security professionals, we love simple because complex is hard...
Published 06/23/22
1. An Analysis of Open-source Automated Threat Modeling Tools and Their Extensibility from Security into Privacy -https://www.usenix.org/publications/l... We conducted our review of threat modeling tools in three main phases: Tool Discovery, Evaluation Criteria Selection, and Application of...
Published 05/26/22