


The One Thing That Can Make Your Threat Modeling Easy
Companies are starting to recognize the value (and requirements) of doing threat models for their applications and cloud infrastructure. And yet adoption of threat modeling as an organization-wide practice may be lower than expected. Why is that? To some extent,...
What to do When it’s Too Late to Shift Left Security?
There seems to be a general agreement that when it comes to implementing security in the software development lifecycle (SDLC), the sooner you do it the better. After all, the speed of software releases, the use of cloud-based services, the incorporation of automation...
Seven Common Misconceptions About Threat Modeling
There is general consensus in the DevSecOps community that threat modeling is a good thing. The sooner in the application development cycle you find a threat the less it costs to fix, and there’s hardly any better way to “shift left” than with threat modeling. So, why...