Boring AppSec

Home
About
Edition 30: The SDLC is changing and so will AppSec (again)
Every time software development changes, so does AppSec. The LLM-powered coding era will be no different.
  
Sandesh Mysore Anand
Edition 29: Security slows down Change Management and we have a chance to fix it
One of the advantages of building a company is that you get to talk to many people.
  
Sandesh Mysore Anand
Edition 28: ADR v/s Shift-left should be looked at as a "Stock" v/s "Flow" problem
And like most "Stock" v "Flow" discussions, you need a bit of both.
  
Sandesh Mysore Anand
The times, they are A-changin
In the coming months, this newsletter will reflect the changes in my career: from being an AppSec operator to being a co-founder of an AppSec company.
  
Sandesh Mysore Anand
Edition 27: Secure by Design is important, but requires a different kind of industry effort to achieve it
CISA's Secure by Design has good intentions, but has an identity crisis. At this point, it may not move the needle on software security.
  
Sandesh Mysore Anand
Edition 26: Scaling Security Design Reviews and why the time is now
"Developer enablement" is all the rage in AppSec and rightly so. The best time to do it is just before they start building.
  
Sandesh Mysore Anand
[New Pod Announcement] Episode 1: - Asset Inventory
In the first episode of this brand new Podcast, Anshuman and I talk about software inventories. Why we need them, how to build them, and what to avoid.
  
Sandesh Mysore Anand
 and 
Anshuman Bhartiya
Boring AppSec
E1-27: Getting the Boring aspects of AppSec right E28+: All aspects of building AppSec products
Contact
Twitter
LinkedIn

Boring AppSec

AboutArchiveSitemap
© 2025 Sandesh Mysore Anand
PrivacyTermsCollection notice
Start your SubstackGet the app
Substack is the home for great culture