Each week we scour the Internet for the best security articles we can find. Here are the five that are worth your time this week.

You can sign up for <hi/5> on the <hi/5> page on the Security Journey site.

“DevOps + Application Security = DevSecOps — As the industry has changed with the move towards DevOps, AppSec has had to change as well, weaving itself through The Three Ways to ensure that the highest quality software is produced.”

NIST’s new privacy rules – what you need to know

NIST has released a Privacy Framework to help you get your house in order. The Framework breaks down into three broad areas: the core, the profiles, and the implementation tiers. The core contains a set of five functions that you work through as part of your privacy assessment process. We love NIST CSF here and have high hopes that the Privacy Framework will fill the same gap in our industry.

microsoft/ApplicationInspector

A source code analyzer built for surfacing features of interest and other characteristics to answer the question ‘what’s in it’ using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature-level changes.

Real-World Threat Modelling

Five Pragmatic Tips from Someone Who Has Experienced the Pain and the Pleasure of Threat Modelling.

Technically, if nobody can access a set of passwords, it is secure!