Threat Informed Defense Series
A great, in depth series on threat modeling with ATTACK
Shostack + Friends Blog
CVE Futures
What’s next for the CVE program?
Andor, Season 2
Excited for Star Wars: Andor Season 2
Free Threats
Pray they don’t alter the price any further
A few thoughts on CVE
Thoughts on the CVE funding crisis
Assets, Again
What's wrong with this process?
Learning from Troy Hunt’s Sneaky Phish
Appsec Roundup - March 2025
Big news for LLMs in threat modeling!
Introducing the DEF CON 32 Hackers' Almanack
Grateful to introduce the Hackers' Almanack!
Security Researcher Comments on HIPAA Security Rule
A group of us have urged HHS to require better handling of security reports
OWASP Training in Barcelona
Register for OWASP training in Barcelona!
The Covid pandemic, 5 years on
Thinking about Covid, five years on.
The First Constitutional Crisis of 2025
Hoping to add a little clarity to the situation
Strategy for threat modeling AI
Clarifying how to threat model AI
RSAC Webinar: Building Resilient Systems
Upcoming RSAC webinar