Shostack + Friends Blog

(21 Mar 2023)

I'm thrilled this how to guide for standing up new investigations is available. (19 Jul 2022)

I'm thrilled the first CSRB report is available. (14 Jul 2022)

The FDA has issued draft guidance for pre-market security (08 Apr 2022)

An important webinar by MDIC about the medical device threat modeling playbook is now available! (21 Nov 2021)

Expanding on the UK Government's ‘The Uk Code of Practice for Consumer IoT Security’ and how it aligns with Threat Modeling. (22 Apr 2021)

The timing of updates is not coincidental. (14 Apr 2021)

In a simpler age, Matt Stoller famously lost his job for critiquing Google. (09 Oct 2020)

Understanding the way intrusions really happen is a long-standing interest of mine. (20 May 2020)

A couple big stories in the realm of cryptography that got me excited. (16 Jan 2020)

A few tidbits in recent news. (11 Dec 2019)

Recently, I've seen four cybersecurity approaches for medical devices, and we can learn by juxtaposing them. (02 Nov 2019)

Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF) from NIST is open for comment. (11 Jul 2019)

When was the last time you looked over what our country was founded upon? (04 Jul 2019)

When was the last time you looked over what our country was founded upon? (04 Jul 2019)

[no description provided] (02 Oct 2018)

Our country's population is shifting, which could have a dramatic effect on politics. (24 Jul 2018)

[no description provided] (17 Jul 2018)

[no description provided] (21 Jun 2018)

[no description provided] (19 Jan 2018)