Links
[tool] threatcl/threatcl: Documenting your Threat Models with HCL
[artigo] Product Security Plans: What They Are and Why They Matter
[wiki] Risk Based Prioritization
[tool] sonatype SBOM manager
[artigo] Jit | The Essential Components of a DevSecOps Pipeline