Shostack + Friends Blog

Posts in category "cloud security"

Insecurity of Government Infrastructure

We have a new paper at NDSS (26 Feb 2024)

A set of cards with threats like our deployment artifacts contain secrets that can be extracted

Cumulus

Cumulus is a cloud-oriented version of Elevation of Privilege (06 Apr 2023)

Threat Modeling Google Cloud (Threat Model Thursday)

NCC has released a threat model for Google Cloud Platform. What can it teach us? (01 Mar 2023)

Threat Modeling Password Managers

[no description provided] (17 Jul 2017)

Our Favorite Content

General threat modeling posts

The Security Principles of Saltzer and Schroeder, illustrated with Star Wars

Subscribe (RSS/Mail)

RSS/ATOM: The ATOM feed is here. We recommend RSS as the best way to follow this blog, and think generally RSS is the best way to take control of the information you take in. You can read our thinking here.

Email: If you’d like a lower volume set of updates on what Adam is doing, Adam’s New Thing gets only a few messages a year, guaranteed. We include a subset of posts in each.

Is Cybersecurity Awareness Month Worth the Money?

18 Nov 2024

How can we measure the ROI on an awareness month?

Car Safety Factoids

16 Nov 2024

A few thoughts from a clickbait headline

Purple States

13 Nov 2024

The United States is less divided than common maps portray.

Why do we call them trust boundaries?

06 Nov 2024

Why do we call them trust boundaries, anyway?

Our site works best with Javascript enabled, however we have done our best to minimize any negative impacts to your experience without it.