Microsoft pushed a change to ASP.NET for a DoS vulnerability. Not only should you patch, but looking at the change control is worth your time.
https://github.com/aspnet/Announcements/issues/431
Speaking of .NET, Adam Chester has an awesome article about the debugger that is worth a look.
https://blog.xpnsec.com/debugging-into-net/
Sonatype has their annual report on the Software Supply Chain ready, which is a topic near and dear to my heart. You have to give them your email, but it is worth it.
https://www.sonatype.com/2020ssc
I spoke to the .NET Dev Group in Columbus about this topic in March and it got a little spicy.
https://www.youtube.com/watch?v=KWt0Brcc2Ag
Finally, here is another good analysis paper on the application security development lifecycle.
https://www.veracode.com/sites/default/files/pdf/resources/surveyreports/esg-modern-application-development-security-veracode-survey-report.pdf
Stay safe and well.
S