December 2017

Threat Modeling Tooling from 2017

As I reflect back on 2017, I think it was a tremendously exciting year for threat modeling tooling. Some of the highlights for me include: OWASP Threat Dragon is a web-based tool, much like the MS threat modeling tool, and explained in Open Source Threat Modeling, and the code is at https://github.com/mike-goodwin/owasp-threat-dragon. What’s exciting is…

Portfolio Thinking: AppSec Radar

At DevSecCon London, I met Michelle Embleton, who is doing some really interesting work around what she calls an AppSec Radar. The idea is to visually show what technologies, platforms, et cetera are being evaluated, adopted and in use, along with what’s headed out of use. Surprise technology deployments always make for painful conversations. This…
