Shostack + Friends Blog

Posts in category “government”

Security Researcher Comments on HIPAA Security Rule

A group of us have urged HHS to require better handling of security reports (20 Mar 2025)

An ai generated image of people voting in 1860

Party over country

One of the things we expect of a politician in a civilized country is that they put their country first. (13 Oct 2024)

The election of 1860, imagined by Midjourney

On Democracy

Democracy has one function, and it’s under threat. (06 Oct 2024)

The Declaration of Independence of the United States of America

The Unanimous Declaration of the Thirteen United States of America

When was the last time you looked over what our country was founded upon? (04 Jul 2024)

The National CyberSecurity Strategy: Liability is Coming

(21 Mar 2023)

Major Cyber Incidents Investigations

I'm thrilled this how to guide for standing up new investigations is available. (19 Jul 2022)

The cover from the CSRBs inaugural report.

Congratulations to the CSRB!

I'm thrilled the first CSRB report is available. (14 Jul 2022)

Document title: Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions Draft Guidance for Industry and Food and Drug Administration Staff

FDA Draft Premarket Guidance

The FDA has issued draft guidance for pre-market security (08 Apr 2022)

screenshot from video: threat modeling webinar

Medical Device Threat Modeling Webinar

An important webinar by MDIC about the medical device threat modeling playbook is now available! (21 Nov 2021)

Threat Model Thursday: 5G Infrastructure

The US Government's lead cybersecurity agencies have released an interesting report, and I wanted to use this for a Threat Model Thursday, where we take a respectful look at threat modeling work products to see what we can learn. (01 Jul 2021)

IoT Security & Threat Modeling

Expanding on the UK Government's ‘The Uk Code of Practice for Consumer IoT Security’ and how it aligns with Threat Modeling. (22 Apr 2021)

The Updates Must Go Through

The timing of updates is not coincidental. (14 Apr 2021)

On Monopolies

In a simpler age, Matt Stoller famously lost his job for critiquing Google. (09 Oct 2020)

How Are Computers Compromised (2020 Edition)

Understanding the way intrusions really happen is a long-standing interest of mine. (20 May 2020)

slow exposure of busy traffic intersection at night

Cryptographic Excitement

A couple big stories in the realm of cryptography that got me excited. (16 Jan 2020)

Encryption & Privacy Policy and Technology

A few tidbits in recent news. (11 Dec 2019)

Medical Device Security Standards

Recently, I've seen four cybersecurity approaches for medical devices, and we can learn by juxtaposing them. (02 Nov 2019)

NIST on SDLs

Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF) from NIST is open for comment. (11 Jul 2019)

The Unanimous Declaration of the Thirteen United States of America

When was the last time you looked over what our country was founded upon? (04 Jul 2019)

The Unanimous Declaration of the 13 United States

When was the last time you looked over what our country was founded upon? (04 Jul 2019)

CVE Funding and Process

[no description provided] (02 Oct 2018)

map identifying the most populated states in the US

Half the US population will live in 8 states

Our country's population is shifting, which could have a dramatic effect on politics. (24 Jul 2018)

Keeping the Internet Secure

[no description provided] (17 Jul 2018)

warehouse with many micro houses in various stages of completion

Threat Model Thursday: Architectural Review and Threat Modeling

[no description provided] (21 Jun 2018)

Fire and building codes

[no description provided] (19 Jan 2018)

Our Favorite Content

General threat modeling posts

The Security Principles of Saltzer and Schroeder, illustrated with Star Wars

Subscribe (RSS/Mail)

RSS/ATOM: The RSS feed is here. We recommend RSS as the best way to follow this blog, and think generally RSS is the best way to take control of the information you take in. You can read our thinking here.

Email: If you’d like a lower volume set of updates on what Adam is doing, Adam’s New Thing gets only a few messages a year, guaranteed. We include a subset of posts in each.