Secure By Design roundup - November 2025
Perspective on CISOs as facilitators, a deep dive into the types of diagrams for medical devices, poetry, Chinese LLMs, Chinese drones and Chinese routers. Do any of them contain secrets?
Shostack + Friends Blog
Recent Blog Posts
Recent accessibility improvements for the Shostack + Associates website
Accessibility is an ongoing process. Learn about some recent updates to the Shostack + Associates website that increase accessibility and usability.
OWASP Threat Modeling Reboot
Get in, we’re rebooting the OWASP Threat Modeling project!
Publishing ‘Publish Your Threat Model’
Two new versions of our “Publish your threat model” work are now available.
Secure By Design roundup - October 2025
Phil Venables is releasing a masterclass; new guidance from SAFECode, a new paper from JPMorganChase on their tools, how Facebook uses “waves”, a new AI shared responsibility model and more!
Stop Trying to Manage Risk!
Risk doesn’t do what we hope. We need to talk.
October Adam's New Thing!
Read up on Adam's New Thing from October
The Moonwalkers
Go see The Moonwalkers
OWASP Board Thoughts 2025
Please vote for the OWASP 2025 board
LeanAppSec Announcement
Watch a masterclass in effective security processes
AI Insurance Won't Save You
LLM Insurance is, and will remain, a great source of insurer profits.
Secure By Design roundup - September 2025
The secret service, the CSRB, the CMMC, Sept was pretty busy in government. Plus Apple's Memory Integrity and a nice short paper on prompt-based attacks.
Adam Featured on Inside MedTech Innovation
Learn from the past and advance your threat modeling skills!
Lunar Rover Vehicle, Redux
What can the moon buggy teach us about modeling?