threat modeling Mozilla's Rapid Risk Assessment (RRA) - Interview I have always been passionate about Threat Modeling. Especially at efforts at: scaling itspeeding it updoing it collaboratively without having your Product Engineering Teams hating you Codifying it, or..Integrating it with DevOpsOn the other hand, I have always found Mozilla to be a fascinating organization. They are a non-profit,
agile Think "Feedback" over "Pipelines" for DevSecOps Success For a while now, the term DevSecOps has become synonymous with Pipelines. That is natural. DevOps, for the longest time has been associated with pipelines. I am sure, that if you've read anything around DevOps or DevSecOps, you'd have heard of the term "CI/CD". Well, let's look at what
threat modeling Thoughts on Using and Scaling Threat Modeling Some of my pet peeves with Threat Modeling, as its currently done by a lot of orgs out there: Threat Models are generated as tomes, rarely used by the people who need to be using it (architects, engineering teams, business owners, even security people)Consequently, Threat Modeling does not scale.
