Sunday, May 31, 2020

Good primer for DevSecOps threat modeling


Jim Gumbley, writing in Martin Fowler's valuable web site, gives us a simple, and very-approachable primer for how to do threat modeling in DevSecOps. I had previously not seen the thrilling NotPetya story before and really enjoyed that real-life cyber thriller.

If you are a software developer or DevOps professional and your perception of DevSecOps and information security is simply "minimal compliance with draconian InfoSec policies," you are in for a frustrating experience and you will develop inferior software services.

No comments: