Threat Modeling Your Dependencies - Part 2
Mitigating Third-Party Component Risk: Swapping the Cancer for...
Author: Brett Crawley (40)
Brett is a Seasoned Application Security Engineer and Thought Leader with a Proven Track Record in Software Engineering and Security Best Practices.
Brett has over 10 years of application security experience and 25 years in software engineering. He holds (ISC)² certifications including CISSP, CSSLP, and CCSP. As the author of Threat Modeling Gameplay with EoP and the project lead for the OWASP Application Security Awareness Campaigns, Brett actively contributes to the security community. He also maintains the Ostering.com blog, where he shares insights on security practices.
Brett has successfully collaborated with teams to define security best practices and integrate security by design into their software development lifecycle (SDLC). His training initiatives in threat modeling have led to significant improvements in design quality and security awareness within organizations.
In his spare time, Brett enjoys sports, gardening, cooking, and photography. He is fluent in both English and Italian and holds dual citizenship.
Key Skills: Secure by Design, Privacy by Design, Threat Modeling (STRIDE, EoP, Privacy, LinddunGO, Plot4AI), Secure Coding, Vulnerability Management, and more.
Brett welcomes connections and opportunities to collaborate on innovative security solutions.
Threat Modeling Your Dependencies - Part 1
How One Bad Library Can Poison Your Entire...
Your SBOM Data Has Been Gathering Dust - Until Now
I’ve been talking about graphs for dependency analysis...
SAST vs Claude Code Security: A Deep Dive
SAST vs Claude Code Security: A Deep Dive...
Why SAST is Broken!
Why SAST is broken, and how it could...
Cursor as your Secure Dev Team
Cursor as your Secure Dev Team What I...
Kicking Off Security Maturity
Building an AppSec Program: A Collaborative Approach Are...
Is Your AI Philosophy Broken?
AI-Generated Code: Productivity Gains, Security Pains, and the...
Ideas and Opinions from the Trenches
There are lots of ways we can optimise what we do, through a data driven approach, but we need to be careful and use critical and creative thinking.
What! Think before coding? WHY?
Why are so many people just diving, straight into the code? A minimum of requirements and design? Perhaps a threat Model?
Software Engineering Security Culture
We need to fix the culture, from top to bottom in the software engineering industry. Here are just some of the issues as I see them and what we should be doing about them.
Threat Modeling Gameplay with EoP
Coming soon to a bookshelf near you, Threat Modeling Gameplay with EoP: A reference manual for spotting threats in software architecture
Browse all Topics
- Accountability
- AI
- ANTLR
- Application Security
- AppSec
- Artificial Intelligence
- Authentication
- Authorization
- Awareness
- Binary
- CAPEC
- Centrality
- Certificates
- Change
- Claude Code Security
- Clean House
- Compiler Compilers
- Compliance
- Culture
- Cursor AI
- Dependency Analysis
- Digital Signatures
- Elevation of Privilege
- English
- Framework Fixators
- Games
- Grammar
- Graph Analysis
- GSSCredential
- Hashing
- HttpClient
- HttpComponents
- Inner-Source
- IT Extremists
- Java
- JavaCC
- JavaScript
- JBoss
- JNDI Realm
- Kerberos
- Key Distribution Center
- languages
- LDAP
- Leadership
- learning
- Legislation
- Manners
- Miro
- Miroverse
- Mitre
- Motivation
- Origins
- Osteria
- OWASP
- Ownership
- PageRank
- Parser Generators
- PicketLink
- Posters
- Precision
- Programming Languages
- Public Key Cryptography
- Python
- Reachability
- Recall
- Responsibility
- Risk
- Running
- SAML
- SAST
- SBOM
- SCA
- Scrum Nazis
- Scrum Talibans
- Security
- Security by Design
- Security Maturity
- Social Engineering
- Software Architecture
- Software Composition Analysis
- Software Design
- Source Code
- SSL
- SSO
- Strategy
- STRIDE
- Supply Chain Security
- Threat Modeling
- Threat Modelling
- TLS
- Tomcat
- Top 10
- TRIM
- Trustworthyness
- Vulnerability Management
- Wildfly