Application and AI roundup - August
Lots of interesting work in LLMs (again)
You can spell appsec without “LLM,” but only if you’re living in the past. And so, this roundup starts off with several general articles about LLMs, then we get to the appsec applications and appsec in general.
AI
- All the Hard Stuff Nobody Talks About when Building Products with LLMs, by Phillip Carter.
- AI Statement by publisher Neil Clarke, whose publication was DDoS'd by a flood of LLM-generated stories because they pay good rates.
- Software Systems in a World of LLMs, by Davis Treyberg.
- The Threat Model of AI, by Matt Clapham.
- The OWASP Top 10 for Large Language Model Applications was released.
Application Security
- Letting go of perfect, Jamie Dicken writes about how perfection is the enemy of scaling threat modeling.
- Examining OpenSSH Sandboxing and Privilege Separation, by Yair Mizrahi. OpenSSH does an excellent job at attenuating its privileges, and anyone who writes code that sometimes needs extra privilege can learn from this.
- Forrester Total Economic Impact(™) of IriusRisk Threat Modeling looks at the IriusRisk Threat Modeling Tool’s economic impact. Much of it generalizes to threat modeling overall, and the way the impacts are broken out is worth some thought.
- The Center for Medicare Security has a threat modeling handbook.
- Regulatory Requirements on Threat Modelling reaches the APAC region, “Singapore’s 2018 Cybersecurity Act indirectly makes it a criminal offence not to perform cybersecurity risk assessments which include threat modelling on computers and systems that have been designated by the Cybersecurity Agency (CSA) as Critical Information Infrastructure (CII).”
- Amazon has released a Threat Composer, a “simple threat modeling tool to help humans to reduce time-to-value when threat modeling.”
Image by Midjourney: an AI reading a book, while being hacked by evil disney characters. cinematic, dramatic, professional photography, studio lighting, studio background, advertising photography, intricate details, hyper-detailed, ultra realistic, 8K UHD --ar 8:3 --v 5.0