Shostack + Friends Blog

 

Posts in category "legislation"

screenshot from NIST website referencing Executive Order 14028

Threat Model Thursday: NIST’s Code Verification Standard

Earlier this week, NIST released a Recommended Minimum Standard for Vendor or Developer Verification of Code. I want to talk about the technical standard overall, the threat modeling component, and the what the standard means now and in the future.

 
 

On Monopolies

In a simpler age, Matt Stoller famously lost his job for critiquing Google.

 
 

India's Intermediary Guidelines

I've signed on to Access Now's letter to the Indian Ministry of Electronics and Information Technology, asking the Government of India to withdraw the draft amendments proposed to the Information Technology (Intermediary Guidelines) Rules.