Tanya Janca

Tanya Janca shehackspurple.dev

Where can we learn threat modelling?

The linked post is Tanya Janca advising on where (and how) you can learn threat modelling for yourself. What’s threat modelling?

… a process by which potential threats, such as structural vulnerabilities or the absence of appropriate safeguards, can be identified, enumerated, and mitigations can be prioritized.

See also: Martin Fowler’s guide to threat modelling for developers.

Tanya Janca medium.com

Security bugs are fundamentally different than quality bugs

Tanya Janca compares and contrasts quality bugs and security bugs, arguing that they’re quite different and should be treated differently. This logic resonates with me and she has a lot of insights to share along the way. I particularly enjoyed this bit:

You cannot have a high-quality product that is insecure; it is an oxymoron. If an application is fast, beautiful and does everything the client asked for, but someone breaks into it the first day that it is released, I don’t think you will find anyone willing to call it a high-quality application.

A good read all the way through to the end. 👍

Tanya Janca Medium (via Scribe)

Why I love password managers

Tanya leads with a disclaimer: “This article is for beginners in security or other IT folk, not experts.” In other words, this is a 101-level post, but on a highly important topic. Share as needed.

Passwords are awful … software security industry expects us to remember 100+ passwords, that are complex (variations of upper & lowercase, numbers and special characters), that are supposed to be changed every 3 months, with each one being unique. Obviously this is impossible for most people.

Tanya goes on to say…

If you work in an IT environment, you absolutely must have a password manager. I strongly suggest that anyone who uses a computer regularly and has multiple passwords to remember get one, even if you don’t consider yourself tech savvy.

I fully agree. I also use 1Password and have done so for as long as I can possibly remember.
