Sunday 6 November 2016

Published "SecDevOps Risk Workflow" book (v0.65)

I just published version v0.65 of the SecDevOps Risk Workflow book.

You can get the book (for free) at (when you become a reader you will get email alerts with every release)

The diff for this version (with v0.63) shows 115 commits, 59 changed files, 545 additions and 355 deletions.

Here are the main topics created or updated:
  • “The Pollution Analogy”
  • “Risk Workflow for Software Vendors”
  • “Security Champions Involved In Decisions”
  • “Is The Decision Hyper Linked”
  • “Horizontal Dev Ops”
  • “Good Managers Are Not The Solution”
  • “Feedback Loops”
  • “Learning resources”
  • “Abusing the concept of RISK”
  • “Make sure your Security Champions are given time”
  • “Using Git as a Backup Strategy”
  • “Threat Model per Feature”
  • “Threat Model Confirms Pen Test”
  • “Can’t do Security Analysis when doing Code Review”
  • “Employ Graduates to Manage JIRA”
  • “Linking source code to Risks”
  • “Why GitHub and JIRA?”
  • “Risk Dashboards and emails”
  • “The Authentication micro-service cache incident”

Please submit any issues or suggestions at