also https://github.com/google/eng-practices
email lists
- https://maleallies.com/
- https://hello.cultureamp.com/subscribe-to-the-people-geekly
- https://andrewchen.co/
- https://www.hackerone.com/blog/security-vendors-startups-lob-cant-live-without
- https://12factor.net/
- https://cheatsheetseries.owasp.org/index.html
- https://sudo.pagerduty.com/
- vendor sec assessment
- https://haveibeenpwned.com/
- https://developer.github.com/partnerships/token-scanning/
- compliance vendors:
- Coalfire, A-LIGN, Armanino, NCC Group
- pentest vendors:
- https://application.security/
- https://snyk.io/
- https://doppler.com/
- https://github.com/rawdigits/go-flashpaper
- https://darknetdiaries.com/
- Google SRE book
- getting infra-as-code off the ground (terraform): https://gruntwork.io/
- https://github.com/etsy/DebriefingFacilitationGuide
- https://how.complexsystems.fail/
- https://pro.whitepages.com/ (vet employer/identity)
- https://www.lexisnexis.com/en-us/gateway.page (vet employer/identity)
- https://risk.lexisnexis.com/products/threatmetrix
- https://emailage.com/ (vet e-mail legitimacy)
industry-collaborative risk-data-exchange project:
- https://www.zerofox.com/ (commercial company)
- https://developers.facebook.com/products/threat-exchange (by Facebook)
- Arkose Labs, PerimeterX, Shape, Cequence
- https://layeraleph.com/ (mikeyd@)