Learning Lessons from Aviation
The definition of insanity is doing the same thing over and over and expecting different results. We can do better, and a major new report explains how.
Shostack + Friends Blog
Posts in category “measurement”
25 Years of Appsec - Appsec Global
Adam is delivering the opening keynote for OWASP Global Appsec 2021 with a 25 year restrospective on the history of appsec and a look into its future.
The COVID testbed and AI
The pandemic gives us a chance to evaluate AI tools...you'll be shocked to discover how they did.
Code: science and production
Phil Bull presents an interesting, generally convincing, argument in 'Why you can ignore reviews of scientific code by commercial software developers', with a couple of exceptions.
Empirical Evaluation of Secure Development Processes
Earlier this year, I helped to organize a workshop at Schloss Dagstuhl on Empirical Evaluation of Secure Development Processes. I think the workshop was a tremendous success.
DNS Security
I'm happy to say that some new research by Jay Jacobs, Wade Baker, and myself is now available, thanks to the Global Cyber Alliance.
Polymorphic Warnings On My Mind
The more we see it, the more we ignore it.
Leave Those Numbers for April 1st
Over-inflated numbers won't scare me into buying your ‘solution’.
Airline Safety
Airplanes are filthy...
Measuring ROI for DMARC
I'm pleased to be able to share work that Shostack + Associates and the Cyentia Institute have been doing for the Global Cyber Alliance.
The DREAD Pirates
[no description provided]
John Harrison's Struggle Continues
[no description provided]
Babylonian Triginometry
[no description provided]