Shostack + Friends Blog

Posts in category "compliance"

Healthcare Info Security: Podcast Episode with Marianne Kolbasuk McGee

Adam on Healthcare Info Security podcast (07 Apr 2024)

a fuzzy landscape with people reading a map

The Appsec Landscape in 2023

External changes will be driving appsec in 2023. It’s time to frame the decisions in front of you. (05 Jan 2023)

NIST Brings Threat Modeling into the Spotlight

New at Darkreading, a post on NIST and threat modeling (23 Sep 2021)

Incentives and Multifactor Authentication

What if we gamified security? (01 Feb 2019)

Our Favorite Content

General threat modeling posts

The Security Principles of Saltzer and Schroeder, illustrated with Star Wars

Subscribe (RSS/Mail)

RSS/ATOM: The ATOM feed is here. We recommend RSS as the best way to follow this blog, and think generally RSS is the best way to take control of the information you take in. You can read our thinking here.

Email: If you’d like a lower volume set of updates on what Adam is doing, Adam’s New Thing gets only a few messages a year, guaranteed. We include a subset of posts in each.

Is Cybersecurity Awareness Month Worth the Money?

18 Nov 2024

How can we measure the ROI on an awareness month?

Car Safety Factoids

16 Nov 2024

A few thoughts from a clickbait headline

Purple States

13 Nov 2024

The United States is less divided than common maps portray.

Why do we call them trust boundaries?

06 Nov 2024

Why do we call them trust boundaries, anyway?

Our site works best with Javascript enabled, however we have done our best to minimize any negative impacts to your experience without it.