Andor Threats: Information Disclosure
What Andor can teach us about Information disclosure threats
Shostack + Friends Blog
The Empire’s Threat Modeling
Get one fourth off for May the fourth!
Appsec Roundup - April 2025
Threat modeling. So much threat modeling, and so much more, including foreshadowing of new rules from FDA.
Threat Informed Defense Series
A great, in depth series on threat modeling with ATTACK
CVE Futures
What’s next for the CVE program?
Andor, Season 2
Excited for Star Wars: Andor Season 2
Free Threats
Pray they don’t alter the price any further
A few thoughts on CVE
Thoughts on the CVE funding crisis
Assets, Again
What's wrong with this process?
Learning from Troy Hunt’s Sneaky Phish
Appsec Roundup - March 2025
Big news for LLMs in threat modeling!
Introducing the DEF CON 32 Hackers' Almanack
Grateful to introduce the Hackers' Almanack!
Security Researcher Comments on HIPAA Security Rule
A group of us have urged HHS to require better handling of security reports
OWASP Training in Barcelona
Register for OWASP training in Barcelona!
The Covid pandemic, 5 years on
Thinking about Covid, five years on.