sdl

Tagged

A collection of 2 posts

Think "Feedback" over "Pipelines" for DevSecOps Success

For a while now, the term DevSecOps has become synonymous with Pipelines. That is natural. DevOps, for the longest time has been associated with pipelines. I am sure, that if you've read anything around DevOps or DevSecOps, you'd have heard of the term "CI/CD". Well, let's look at what

threat modeling

Thoughts on Using and Scaling Threat Modeling

Some of my pet peeves with Threat Modeling, as its currently done by a lot of orgs out there: Threat Models are generated as tomes, rarely used by the people who need to be using it (architects, engineering teams, business owners, even security people)Consequently, Threat Modeling does not scale.