Among the oldest problems in AppSec is making tradeoffs on assessment types (SAST, DAST, IAST and so on). This edition attempts to design a framework to help evaluate what works best for you
One of my team members just sent this to me and said how they were using the ideas here to help them with the Capability views I'm working with them to define :). I read half of it before I even noticed you wrote it bud :) Great job, keep it up. Podcast soon?