Mitigating Third-Party Component Risk: Swapping the Cancer for Something Healthier In my previous post, Threat Modeling Your Dependencies, I laid out how a single vulnerable third-party library can cascade through your ecosystem and poison hundreds of applications. We established the Supply-Chain Trust Score, a way to quantify and track that…
Cursor as your Secure Dev Team What I...
Building an AppSec Program: A Collaborative Approach Are...
AI-Generated Code: Productivity Gains, Security Pains, and the...
There are lots of ways we can optimise what we do, through a data driven approach, but we need to be careful and use critical and creative thinking.
Why are so many people just diving, straight into the code? A minimum of requirements and design? Perhaps a threat Model?
We need to fix the culture, from top to bottom in the software engineering industry. Here are just some of the issues as I see them and what we should be doing about them.
Coming soon to a bookshelf near you, Threat Modeling Gameplay with EoP: A reference manual for spotting threats in software architecture
Some interesting security and creativity games plus a few more
