Julian Cohen and Michal Zalewski share their opinions on building a product security program. I find them incredibly on-point:
And here's another page that ties together maturity and DevSecOps and looks interesting:
Happy reading!
Thank you to my colleague Luis for sharing these.