Application and AI roundup - November
A threat modeling conference, lots of government appsec guidance, and some updates from Shostack + Associates
Shostack + Friends Blog
C2PA Threat Modeling
What can we learn from the C2PA security considerations document?
Threat Modeling Thursday: Thanksgiving
What can we learn from Gunnar Peterson’s Threat Model for Thanksgiving?
Application and AI roundup - October
Exciting news from the SEC, lots of AI, and lots of threat modeling.
Security Principles in 2023
Principles are lovely, but do they lead us to actionable results?
Adversarial Thinking and Wargames
Thinking about adversarial thinking
Threat Modeling on Sale
Best price ever for Threat Modeling
Application and AI roundup - September
September was a big month in appsec for both memory safety and policy
FDA Final Cyber Guidance is out
The FDA has released their new guidance, which will be broadly impactful.
Comparing Retrospectives
We can learn a lot from comparing retrospectives
Open training: Threat Modeling for Champs (October)
Seats are available in our October training
Application and AI roundup - August
Lots of interesting work in LLMs (again)
Airline Close Calls
Thoughts on an article on near misses
Use the Defcon Wifi
Why it’s ok to use the Defcon wifi
SEC Cybersecurity Rules
The SEC has important new cybersecurity rules