
Security Journey's hi/5


By: Security Journey

About this listen

Each week, Security Journey's CEO, Chris Romeo, takes you through the five security articles he thinks are worth your time. Links to all the articles are included with each episode.

© 2022 Security Journey, Inc.
Episodes
  • Long Live SBOMs, Application Risk Profiling, Software Supply Chain, and more
    Jun 23 2022

    “SBOM” should not exist! Long live the SBOM.
    This article by Steve Springett, who is at the center of the software bill of materials universe, explains what an SBOM is and why they should exist.
    In defense of simple architectures
    As security professionals, we love simple because complex is hard to secure. This article is about a 1.7 billion dollar company that runs its web app as a Python monolith on top of Postgres, and how that deliberately simple architecture supports a successful application.
    Alex Mor -- Application Risk Profiling at Scale
    How do you manage appsec when you have thousands of applications in an enterprise? Alex Mor joined the Application Security Podcast to talk about application risk profiling. He defines what it is, then walks through how to scale across an organization.
    HOW INFRASTRUCTURE AS CODE SHOULD FEEL
    This article is all about feelings: infrastructure feelings. It dives into how your infrastructure as code should feel; it should feel safe, better, and so on. Check it out to understand this new way of thinking.
    Improving software supply chain security with tamper-proof builds
    We all still, to this day, struggle with the software supply chain. This article shows how to build tamper-proof builds, diving into SLSA and the principles you can apply to your own software supply chain to make it more secure.

    2 mins
  • Implementation of DevSecOps, Product Security Leads, Go Mitigations, and more
    Jun 9 2022

    3 Cultural Obstacles to Successful DevSecOps Implementation
    When our goal is to change security culture, we must consider how to influence our developers while still caring for their needs. This article shares helpful insight into implementing successful security culture change within an organization.

    Brenna Leath -- Product Security Leads: A different way of approaching Security Champions
    Brenna Leath, head of product security at SAS, visited the Application Security Podcast to share her insight on security champions and how she approaches this role in her organization with product security leads. We hope you enjoy this conversation with...Brenna Leath.

    How Go Mitigates Supply Chain Attacks
    This post, from the Go blog, explains how the Go language and its toolchain mitigate supply chain attacks.

    GitHub can now auto-block commits containing API keys, auth tokens
    It is vital to keep private information, such as API keys, passwords and authentication tokens, out of source repositories. GitHub recently released an update that scans pushed code for this sensitive information and blocks the push before the secret lands in the repository.

    If you're not using SSH certificates you're doing SSH wrong
    If you use SSH without certificates, this story may make you uneasy. The author argues that, in the modern day, we shouldn't be using SSH with anything other than certificates.

    3 mins
  • Hi/5: Automated Threat Modeling; In-depth research; GitHub 99designs/aws-vault; Nginx
    May 26 2022

    1. An Analysis of Open-source Automated Threat Modeling Tools and Their Extensibility from Security into Privacy
    -https://www.usenix.org/publications/l...

    We conducted our review of threat modeling tools in three main phases: Tool Discovery, Evaluation Criteria Selection, and Application of Evaluation Criteria.

    2. In-depth research and trends analyzed from 50+ different concepts as code
    -https://www.jedi.be/blog/2022/02/23/t...

    • DevSecOps as code explosion
    • Data as code
    • Capturing knowledge as code

    3. Security Journey Provides Free Application Security Training Environment for OWASP® Members
    -https://www.securityjourney.com/post/...

    Security Journey’s OWASP dojo will be open and available to all OWASP members starting April 1st. Members can access it in their member portal.

    4. GitHub - 99designs/aws-vault: A vault for securely storing and accessing AWS credentials in development environments
    -https://github.com/99designs/aws-vault

    AWS Vault is a tool to securely store and access AWS credentials in a development environment.

    5. Avoiding the top Nginx configuration mistakes (nginx.com)
    -https://www.nginx.com/blog/avoiding-t...

    This blog post takes a deep look at 10 of the most common NGINX configuration errors, some of which even NGINX engineers make, and explains how to fix each of them.

    3 mins
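The GitHub push-protection item in the Jun 9 2022 episode describes a scanner that refuses a push when an added line carries a credential. Below is an added, self-contained Python example of that mechanism; it is not code from GitHub, from Security Journey or from the episode. It scans only the added lines of a unified diff against a few illustrative token patterns, redacts whatever it finds, and returns a non-zero status so a pre-commit hook or CI gate can block the change. The rule set, the `secret-scan: allow` opt-out marker, the `--staged` flag and the sample diff are this example's own assumptions; the diff uses the AWS documentation placeholder `AKIAIOSFODNN7EXAMPLE` and synthetic tokens, not real credentials.

```python
"""Push-protection style secret scanner over a unified diff (added example).

Like GitHub's push protection or a pre-commit hook, it inspects only the
lines a change adds, reports the matching rule with a redacted fragment,
and returns a non-zero status so the commit or push can be refused.
The patterns and the inline allow marker are this example's own
assumptions, not GitHub's rule set.
"""
import re
import subprocess
import sys
from dataclasses import dataclass

# Illustrative token shapes. Real scanners carry hundreds of provider
# patterns plus validity checks; these four are enough to show the flow.
RULES = {
    "aws_access_key_id": re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[0-9A-Z]{16}(?![A-Z0-9])"),
    "github_pat": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "slack_token": re.compile(r"\bxox[baprs]-[0-9A-Za-z-]{10,}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"),
}

# Assumed inline opt-out for deliberate fixtures (e.g. documented example keys).
ALLOW_MARKER = "secret-scan: allow"


@dataclass
class Finding:
    line: int       # line number within the diff text
    rule: str       # which RULES entry matched
    redacted: str   # first four characters, rest masked; the secret is never echoed


def redact(token: str) -> str:
    return token[:4] + "*" * (len(token) - 4)


def scan_diff(diff_text: str) -> list[Finding]:
    """Return findings for every added line that matches a rule."""
    findings = []
    for lineno, line in enumerate(diff_text.splitlines(), start=1):
        # Only added content can introduce a secret; '+++' is the file header.
        if not line.startswith("+") or line.startswith("+++"):
            continue
        if ALLOW_MARKER in line:
            continue
        for name, pattern in RULES.items():
            for match in pattern.finditer(line):
                findings.append(Finding(lineno, name, redact(match.group(0))))
    return findings


def staged_diff() -> str:
    """The change about to be committed, as a pre-commit hook would see it."""
    return subprocess.run(
        ["git", "diff", "--cached", "-U0"],
        check=True, capture_output=True, text=True,
    ).stdout


# Constructed sample diff: the AWS docs placeholder key and synthetic tokens.
FAKE_PAT = "ghp_" + "a" * 36
SAMPLE_DIFF = "\n".join([
    "diff --git a/config.py b/config.py",
    "--- a/config.py",
    "+++ b/config.py",
    "@@ -1,3 +1,7 @@",
    '+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"',
    f'+GITHUB_TOKEN = "{FAKE_PAT}"',
    '-OLD_TOKEN = "' + "ghp_" + "b" * 36 + '"',   # removed line: not scanned
    '+TEST_KEY = "' + "AKIA" + "A" * 16 + '"  # secret-scan: allow',
    '+REGION = "us-east-1"',
    "+# -----BEGIN RSA PRIVATE KEY----- pasted by mistake",
]) + "\n"


def main(argv: list[str]) -> int:
    text = staged_diff() if "--staged" in argv else SAMPLE_DIFF
    findings = scan_diff(text)
    for f in findings:
        print(f"line {f.line}: {f.rule} -> {f.redacted}")
    if findings:
        print(f"blocked: {len(findings)} potential secret(s) in added lines", file=sys.stderr)
        return 1
    print("ok: no secrets in added lines")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it with no arguments to scan the constructed diff (three findings, exit status 1); run it with `--staged` from inside a repository to scan `git diff --cached` the way a pre-commit hook would. Scanning only added lines is what keeps the check cheap and avoids re-flagging history, which is also why a secret that was already committed needs rotation rather than a scanner.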