How to NOT integrate security tools in DevSecOps : Top 3 Mistakes Across Process, Technology, And People
I am sharing my experience on the top 3 mistakes done during the integration of security tools in the CI CD pipeline across the three pillars of process, technology and people.
How to gauge the possible security impact of a proposed feature or development
This blog explores the factors that can help a product security team judge the possible security impact of a proposed new feature or development before starting a security review. It is an important task to find this before jumping in to security review.
How to Leverage Threat Modeling Findings to Enhance Security Across the SDLC
While threat modeling in itself is a very beneficial exercise, if outcomes from it are stored in a certain way that they can be processed they are really useful for improving product security at various levels.
Choice Architecture in Product Security : Architecting secure choices
I recently came across the concept...