
1. How we're creating a threat model framework that works for GitLab
While our Security team owns the framework, we don't "run" it. It is run by the people who are running the project.
2. Deciduous: A Security Decision Tree Generator
Security decision trees are a powerful tool to inform saner security prioritization when designing, building, and operating software systems.
3. npm audit: Broken by Design
I see the point, but I also disagree – SCA and finding/mitigating supply chain issues is a security requirement.
4. Trusted Types - mid 2021 report
"We believe Trusted Types are necessary to obliterate DOM XSS, one of the most prevalent web application vulnerabilities."
5. When shifting security left falls off a cliff
The author talks about the dangers of pushing security too far left, where tools can hinder developers instead of providing value.
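To make item 4 concrete, here is an added example of what "Trusted Types" means in practice. It is not code from the episode, the report, or the Trusted Types project; the policy name `app-html` and the `escapeHtml` helper are assumptions. The server enables enforcement with the response header `Content-Security-Policy: require-trusted-types-for 'script'; trusted-types app-html`; after that, assigning a plain string to `innerHTML` throws a TypeError in supporting browsers, and only a TrustedHTML value minted by a registered policy is accepted, which turns every DOM XSS sink into a single reviewable chokepoint.

```javascript
// Added example, not from the podcast or the Trusted Types report.
// Enforcement is turned on by this (assumed) response header:
//   Content-Security-Policy: require-trusted-types-for 'script'; trusted-types app-html
// With it present, `el.innerHTML = someString` is rejected; the browser only accepts a
// TrustedHTML value produced by a policy registered under an allowed name.

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the five characters that can break out of text or attribute context.
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// Register the policy when the browser exposes the API (window.trustedTypes).
// Outside a browser (Node, older engines) fall back to a plain object that applies
// the same escaping, so call sites are identical in both environments.
function makeHtmlPolicy(name) {
  const tt = globalThis.trustedTypes;
  if (tt && typeof tt.createPolicy === 'function') {
    return tt.createPolicy(name, { createHTML: (s) => escapeHtml(s) });
  }
  return { createHTML: (s) => escapeHtml(s) };
}

const htmlPolicy = makeHtmlPolicy('app-html'); // assumed policy name

// Render user-controlled text into a container. Under enforcement this is the only
// way the assignment succeeds: the value must come from htmlPolicy.createHTML.
function renderUserText(container, untrusted) {
  const safe = htmlPolicy.createHTML(untrusted);
  container.innerHTML = safe;
  return String(safe);
}

// Constructed sample payload, not real traffic: a classic DOM XSS probe.
const SAMPLE_PAYLOAD = '<img src=x onerror="alert(1)">';

function demo() {
  const fakeContainer = {}; // stand-in for a DOM element when run outside a browser
  return renderUserText(fakeContainer, SAMPLE_PAYLOAD);
}
```

The security win is not the escaping function itself but that, once the header is deployed, a reviewer only has to audit the `createHTML` callbacks of the policies named in `trusted-types`, rather than every `innerHTML`, `outerHTML`, `document.write` and `eval`-style sink in the codebase.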