DinisCruz / Book_Software_Quality

Content for 'Measuring Software Quality using Application Security' book published at LeanPub
Apache License 2.0

Query on "Do security reviews every sprint" file #175

Closed Ambg05 closed 7 years ago

Ambg05 commented 7 years ago

I am unsure if there is a specific meaning for "push" in the following phrase taken from the security review file: “You really need to do a push to get a sense of whether the original threats . . .”

Does it make sense if I amend this to "You really need to push your security review to get a sense of . . "?

DinisCruz commented 7 years ago

I mean push as in 'appsec security push'. So you can say 'You really need to do a security push to get a sense of...', but it might be better to just say 'You need to do a security review to get a sense of...'

Also, can you link to the relevant article (in this case Do security reviews every sprint) and add the label 'question' to your questions?

DinisCruz commented 7 years ago

Also, please close the issue when you are happy with the answer and have submitted the PR.

thx :)

Ambg05 commented 7 years ago

Thanks Dinis. I've made those changes, but the procedure I followed for this file wasn't quite the same as for #176. If I've created another PR, would you list the steps I should follow when you get a chance, so that I don't do that again?

DinisCruz commented 7 years ago

For reference, I moved the file to https://github.com/DinisCruz/Book_SecDevOps_Risk_Workflow/blob/master/content/From-audio/To-Fix/Do-security-reviews-every-sprint.md

I placed it in the audio/to-fix folder because there was no PR for it on this repo.