Application Security Roundup - May
A collection of interesting appsec posts.
A collection of interesting reads over the last few months:
- Supporting, influencing, and leading as a security practitioner, Izar Tarandach
- Scaling up appsec, Bárbara Vieira
- The Curse of Systems Thinkers (Part 1), Niall Murphy. Focuses on systems without any explicit reference to security, but security is always a systems property.
- The Fake Federal Agents Case Baffling US Intelligence Experts. People often ask ‘why would someone do that’ as we threat model. Keep this one in mind: motives are hard, and even in the police world of ‘means, motive, and opportunity’, they may be baffling. (See also: crazy, obsessive people.)
- SEC proposes requiring more cybersecurity disclosures (E&Y)
- Proposed SEC Cyber Rules: A Game Changer for Public Companies, Paul Ferrillo and Christophe Veltsos, Harvard Law School Forum on Corporate Governance
- Adam on the Future of Appsec podcast
- What exactly does a threat modeler do? featuring Judy Kelly.
- Technology Assurance principles from the UK's NCSC. An interestingly holistic group, including ‘Product development’, ‘Design and functionality’ and ‘Through-life’
Photo: Dave Lawler