Sunday 30 October 2016

Published "SecDevOps Risk Workflow" book (v0.63)

I just published v0.63 of the SecDevOps Risk Workflow book.

You can get the book (for free) at (when you become a reader you will get email alerts with every release)

The diff for this version (against v0.60) shows 113 commits, 63 changed files, 667 additions and 185 deletions.

Here are the main topics created or updated:
  • “Run Apps Offline”
  • “5000% code coverage”
  • “Annual Reports should contain a section on InfoSec”
  • “Why SecDevOps?”
  • “In DevOps Everything is Code”
  • “Do security reviews every sprint”
  • “Using Artificial Intelligence for proactive defense”
  • “If you have a heartbeat, you qualify!”
  • “What it takes to be a Security Champion”
  • “If you don’t have an Security Champion get a mug”
  • “How to review Applications as a Security Champion”
  • “Risk accepting threat model”
  • “Inaction is a risk”
  • “Create an Technology Advisory Board”
  • “Conference for Security Champions”
  • “Collaboration Technologies”
  • “The smaller the ticket scope the better”
  • “Describe Risks as Features rather than as Wishes”
  • “Capture knowledge when developers look at code”
  • “Using logs to detect risks exploitation”
  • “Understand Every Project’s Risks”
  • “Feedback loops are key”
  • “Cloud Security”
  • “Creating better briefs”
  • “I don’t know the security status of a website”
  • “Relationship with existing standards”

Please submit any issues or suggestions at