- Linux Foundation: Developing Secure Software (LFD121)
- OWASP Top Ten: https://owasp.org/www-project-top-ten/
- NIST Secure Software Development Framework (SSDF): https://csrc.nist.gov/publications/detail/sp/800-218/final
- SLSA (Supply-chain Levels for Software Artifacts): https://slsa.dev/
- Writing Secure Code – Michael Howard, David LeBlanc
- The Tangled Web – Michal Zalewski
- Building Secure and Reliable Systems – Google SRE team
- SAST: SonarQube, Semgrep
- DAST: OWASP ZAP, Burp Suite
- SCA: Dependency-Check, Snyk, Trivy
- Microsoft SDL: https://www.microsoft.com/en-us/securityengineering/sdl
- CNCF Security Whitepaper: https://github.com/cncf/tag-security