Appsec Roundup - Oct 2024
If you say liability three times, it appears!
Shostack + Friends Blog
Posts in category “cloud security”
The Universal Cloud TM -- Threat Model Thursday
A new universal threat model - what can we learn from it?
Sutter on Safety
What do we need to assess if memory safe langages are 'sufficient'?
Other comments on the CSRB Microsoft Report
Other people have written about the CSRB report, and I wanted to share their perspectives.
CSRB Report on Microsoft
The CSRB has released its report into an intrusion at Microsoft, and...it’s a doozy.
Insecurity of Government Infrastructure
We have a new paper at NDSS
Application and AI roundup - May
This month runs quite heavy on AI, but the CISA Safe by Design and Default document is going to be important for the next several years.
Cumulus
Cumulus is a cloud-oriented version of Elevation of Privilege
Threat Modeling Google Cloud (Threat Model Thursday)
NCC has released a threat model for Google Cloud Platform. What can it teach us?
Application Security Roundup - Feb
This month is all about memory safety, unless you’re a standards group.
How Are Computers Compromised (2020 Edition)
Understanding the way intrusions really happen is a long-standing interest of mine.
Actionable Followups from the Capital One Breach
What have we learned and what steps can we take?
Threat Model Thursday: Google on Kubernetes
[no description provided]
Threat Modeling Tooling from 2017
[no description provided]
Threat Modeling Password Managers
[no description provided]
2017 and Tidal Forces
[no description provided]