Sunday 23 October 2016

Published "SecDevOps Risk Workflow" book (v0.60)

I just published v0.60 of the SecDevOps Risk Workflow book.

You can get the book (for free) at (when you become a reader you will get email alerts with every release)

The diff for this version (compared with v0.57) shows 138 changed files, 459 additions and 174 deletions.

Here are the main topics added:

  • “Getting Assurance and Trust from Application Security Tests”
  • “Hyperlink everything you do”
  • “Developer Teams Need Budgets”
  • “Developers Should be Able to Fire Their Managers”
  • “Every Bug is an Opportunity”
  • “Code Confidence Index”
  • “Chained threat models”
  • “Security makes you a Better Developer”
  • “When Failed Tests are Good”
  • “Creating Small Tests”
  • “Creating Abuse Cases”
  • “Deliver PenTest reports using JIRA”
  • “Email is not an Official Communication Medium”
  • “Making it expensive to do dangerous actions”

Please submit any issues or suggestions at