Shostack + Friends Blog

A busy month in appsec, AI, and regulation. (29 Mar 2024)

A busy month in appsec, AI, and regulation. (05 Mar 2024)

A busy month+ in appsec, AI, and regulation. (29 Jan 2024)

2024 is bringing lots of AI, and Liability, too (02 Jan 2024)

A threat modeling conference, lots of government appsec guidance, and some updates from Shostack + Associates (30 Nov 2023)

Exciting news from the SEC, lots of AI, and lots of threat modeling. (09 Nov 2023)

September was a big month in appsec for both memory safety and policy (04 Oct 2023)

Lots of interesting work in LLMs (again) (30 Aug 2023)

This month runs quite heavy on AI, but the CISA Safe by Design and Default document is going to be important for the next several years. (30 May 2023)

Some diagrams to help clarify machine learning threats (13 Apr 2023)

Cumulus is a cloud-oriented version of Elevation of Privilege (06 Apr 2023)

A few tools, some thoughts on injection, some standards, and some of Adam’s appsec news. (05 Apr 2023)

Interesting reads this month include signals from the administration, a history of appsec by one of the originals, and a longread from Apple about kernel memory design. (30 Nov 2022)

Interesting appsec posts: machine learning, performance, and C4 (30 Sep 2022)

Interesting appsec posts: machine learning, performance, and C4 (30 Jul 2022)

Interesting appsec posts: from medical devices to bridges. (28 Jun 2022)

A collection of interesting appsec posts. (12 May 2022)

Adam is delivering the opening keynote for OWASP Global Appsec 2021 with a 25 year restrospective on the history of appsec and a look into its future. (11 Nov 2021)

Time flies and things change... A look back on the growth of this industry. (09 Aug 2021)

AppSec Pacific Northwest Conference is a free application security conference that will be held Saturday, June 19th. It is a virtual, online event sponsored by the OWASP chapters of Portland, Vancouver, and Victoria. (14 May 2021)

(24 Mar 2021)