Interesting Reads: Risk, Automation, lessons and more!Just what the title says.
- The Cybok project has released its v1 "Risk Management & Governance Knowledge Area"; I was a reviewer.
- Towards Automated Security Design Flaw Detection is an interesting paper from academics in Belgium and Sweden.
- Steve Lipner offers "Lessons learned through 15 years of SDL at work"
- Charles Wilson has perspective on threat modeling devices in "Does That Come in a Large? OS Scale in Threat Modeling
- Lastly, apparently cockroaches can be magnetized: "Magnetized Dead Cockroaches Study Wins Ig Nobel — and It’s Amazingly Interesting."