Shostack + Friends Blog

Recent Blog Posts

NIST 800-218 revision

NIST 800-218 wants you! (27 Jan 2026)

 

Bitlocker, the FBI, and Risk

What can the Bitlocker story tell us about risk? (23 Jan 2026)

 

Security Advisory SA-26-01 GPS Attacks

GPS attacks trigger revisiting threat models (22 Jan 2026)

 

Threat Modeling Essentials at Archimedes 2026 Healthcare Security Week

Threat Modeling Essentials, led by Adam Shostack, is a standout offering at Archimedes 2026 Healthcare Security Week, Feb 18 in Las Vegas. (14 Jan 2026)

 

Take Control of What you Read, Redux

In 2026, it’s more important than ever to take control of what you read (11 Jan 2026)

 

Congratulations to ThreatModeler and IriusRisk!

Congratulations to all involved! (07 Jan 2026)

 

A few thoughts closing out 2025

Prompted by participants, a few closing thoughts for 2025 (31 Dec 2025)

 

Gavle Goat Survived 2025 - or did it?

Important news about current events (26 Dec 2025)

 

The Best Holiday Decorations

The best decorations ever (18 Dec 2025)

 

OWASP Keynote Available for Viewing!

Watch Adam's keynote 'Stop Trying to 'Manage Risk'' From OWASP 2025 (17 Dec 2025)

 

State of Threat Modeling 2024-2025

The first-ever, community-powered report on threat modeling (12 Dec 2025)

 

Windows Links and Usable Security

Some dialogs can harm the viewer (05 Dec 2025)

 

Secure By Design roundup - November 2025

Perspective on CISOs as facilitators, a deep dive into the types of diagrams for medical devices, poetry, Chinese LLMs, Chinese drones and Chinese routers. Do any of them contain secrets? (30 Nov 2025)

 

Recent accessibility improvements for the Shostack + Associates website

Accessibility is an ongoing process. Learn about some recent updates to the Shostack + Associates website that increase accessibility and usability. (25 Nov 2025)

 

OWASP Threat Modeling Reboot

Get in, we’re rebooting the OWASP Threat Modeling project! (17 Nov 2025)