Shostack + Friends Blog

Posts in category "legislation"

a fuzzy landscape with people reading a map

The Appsec Landscape in 2023

External changes will be driving appsec in 2023. It’s time to frame the decisions in front of you. (05 Jan 2023)

screenshot from NIST website referencing Executive Order 14028

Threat Model Thursday: NIST’s Code Verification Standard

Earlier this week, NIST released a Recommended Minimum Standard for Vendor or Developer Verification of Code. I want to talk about the technical standard overall, the threat modeling component, and the what the standard means now and in the future. (15 Jul 2021)

Screenshot of Executive Order on White House website

Thoughts on the Executive Order

A new article by Steve Bellovin and myself at Lawfare. (07 Jun 2021)

On Monopolies

In a simpler age, Matt Stoller famously lost his job for critiquing Google. (09 Oct 2020)

Internet Society Opposition to LAED Act

The Internet Society Open Letter Against Lawful Access to Encrypted Data Act was published this morning. (07 Jul 2020)

India's Intermediary Guidelines

I've signed on to Access Now's letter to the Indian Ministry of Electronics and Information Technology, asking the Government of India to withdraw the draft amendments proposed to the Information Technology (Intermediary Guidelines) Rules. (18 Mar 2019)

Keeping the Internet Secure

[no description provided] (17 Jul 2018)

warehouse with many micro houses in various stages of completion

Threat Model Thursday: Architectural Review and Threat Modeling

[no description provided] (21 Jun 2018)

Our Favorite Content

General threat modeling posts

The Security Principles of Saltzer and Schroeder, illustrated with Star Wars

Subscribe (RSS/Mail)

RSS/ATOM: The ATOM feed is here. We recommend RSS as the best way to follow this blog, and think generally RSS is the best way to take control of the information you take in. You can read our thinking here.

Email: If you’d like a lower volume set of updates on what Adam is doing, Adam’s New Thing gets only a few messages a year, guaranteed. We include a subset of posts in each.

Our site works best with Javascript enabled, however we have done our best to minimize any negative impacts to your experience without it.