From cf2401128a582f5a16d0bde75cf91653a35cbc5c Mon Sep 17 00:00:00 2001
From: Charles-Axel Dein <120501+charlax@users.noreply.github.com>
Date: Mon, 13 Sep 2021 09:25:01 +0200
Subject: [PATCH] Add some security links

---
 README.md | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/README.md b/README.md
index c396932..e363ec3 100644
--- a/README.md
+++ b/README.md
@@ -593,6 +593,7 @@ Check out my [list of management resources](https://github.com/charlax/engineeri
 - [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - [Architectural Decision Records](https://adr.github.io/): a way to document architecture decision.
 - [The documentation system](https://documentation.divio.com/)
+- [Checklist for checklists](https://www1.nyc.gov/assets/doh/downloads/pdf/em/gawande_checklist.pdf)
 
 > The palest ink is more reliable than the most powerful memory.
 > -- Chinese proverb
@@ -1029,7 +1030,16 @@ Testing in production:
   - Three Rs to do every few hours: rotate secrets automatically, repave servers and applications (redeploy on clean footprint), repair vulnerable.
   - Don’t use exceptions for the control flow.
 - [OWASP Top Ten Web Application Security Risks](https://owasp.org/www-project-top-ten/)
+  - [How to start an AppSec program with the OWASP Top 10](https://owasp.org/Top10/A00_2021-How_to_start_an_AppSec_program_with_the_OWASP_Top_10/)
 - [ukncsc/zero-trust-architecture: Principles to help you design and deploy a zero trust architecture](https://github.com/ukncsc/zero-trust-architecture)
+- 🏙 [Minimum Viable Security](https://speakerdeck.com/jacobian/minimum-viable-security-wharton-web-conference-2015)
+- [The Open Software Assurance Maturity Model](https://www.opensamm.org/)
+
+Training for developers:
+
+- [Hacksplaining](https://www.hacksplaining.com/)
+- [Codebashing](https://free.codebashing.com/)
+- [OWASP Security Knowledge Framework](https://owasp.org/www-project-security-knowledge-framework/)
 
 List of resources: