Shostack + Friends Blog

 

Secure By Design roundup - September 2025

The Secret Service, the CSRB, the CMMC: September was pretty busy in government. Plus Apple's Memory Integrity and a nice short paper on prompt-based attacks.

Threat Modeling

Appsec

  • Apple released an extensive blog post on Memory Integrity Enforcement. Nice work, and it's important to recognize the value of platforms in enabling “undifferentiated” appsec, letting software producers focus on their unique threats.

AI

Regulation

Shostack + Associates News

  • We’re launching a new course at OWASP Appsec Global DC: Threat Modeling Intensive with AI. How can we use LLMs to help us threat model effectively, and how can we use them to help scale? We’re a bit over a month away, and the content’s coming together nicely.
  • Adam will be keynoting at the main AppSec Global event.