Secure development
Opened this issue · 0 comments
dmspils commented
Is there an argument to expand [1] to include things like:
- the use of threat modelling to identify risks and to align with the concept of continuous risk management.
- getting devs to do security is better than asking security people to do development - so create networks of security champions.