risk management
“What are my top risks? How can I mitigate them?” James Clear, 3-2-1: Eliminating Tasks, Optimizing for Your Interests, and Sharing Knowledge
evaluating threat modeling diagrams
“Can we tell a story without changing the diagram? Can we tell that story without using words such as “sometimes” or “also”? Can we look at the diagram and see exactly where the software will make a security decision? Does the diagram show all the trust boundaries, such as where different …
CISA publishes “secure by design” principles
The PDF is here..