Jim Gumbley, writing in Martin Fowler's valuable web site, gives us a simple, and very-approachable primer for how to do threat modeling in DevSecOps. I had previously not seen the thrilling NotPetya story before and really enjoyed that real-life cyber thriller.
If you are a software developer or DevOps professional and your perception of DevSecOps and information security is simply "minimal compliance with draconian InfoSec policies," you are in for a frustrating experience and you will develop inferior software services.
No comments:
Post a Comment