Attack Trees for Robust and Secure Design

Attack Trees as Allies in Threat Mitigation The ability to anticipate and proactively mitigate potential threats has become the holy grail for many organizations. In that pursuit many organizations turn to practices such as threat modeling, which I’ve written about before. While threat modeling can be a powerful tool in the organization’s toolchest, it can […]

Beyond AppSec: Securing the Product

“I’d like to change the name of my organization from Application Security to Product Security.” I remember broaching this topic to my CISO at the time. While it seems like a minor change, the reality is that there are significant differences. And there was a purpose behind it. What’s in a name While AppSec is […]

Redefining Security in DevSecOps

Embracing Threat Modeling for Agile Resilience Many years ago in software development the relationship between development and operations had given rise to DevOps —a union that has reshaped how we conceive and deliver software systems. The transition from traditional methodologies to the agile, integrated approach of DevOps marked a seismic shift. DevOps stitched together siloed […]

Defining Application Security

Software has become an integral part of almost every business and organization today, regardless of whether developing software is their core product or not. From rideshare companies to logistics firms, these companies rely heavily on software to drive their operations and provide value to their clients. But what are the fundamental parts of software development […]