Shostack + Friends Blog

Posts in category "microsoft"

Why do we call them trust boundaries?

Why do we call them trust boundaries, anyway? (06 Nov 2024)

An AI image of A person typing at a computer in a text on screen, but the words are changed on the monitor of a different person's screen

Sutter on Safety

What do we need to assess if memory safe langages are 'sufficient'? (29 Apr 2024)

Cartoon talk bubbles on the report title

Other comments on the CSRB Microsoft Report

Other people have written about the CSRB report, and I wanted to share their perspectives. (17 Apr 2024)

The cover page from the Computer Safety Review Board’s ‘Review of the Summer 2023 Microsoft Exchange Online Intrusion’

CSRB Report on Microsoft

The CSRB has released its report into an intrusion at Microsoft, and...it’s a doozy. (13 Apr 2024)

Application and AI roundup - October

Exciting news from the SEC, lots of AI, and lots of threat modeling. (09 Nov 2023)

An AI generated image of a bright watercolor of storm clouds passing over a corporate campus, filled with low square concrete buildings. All are surrounded by well manicured lawns. In the background is the iconic arecebo radio telescope

Comparing Retrospectives

We can learn a lot from comparing retrospectives (19 Sep 2023)

Microsoft Can Fix Ransomware Tomorrow

My latest at Dark Reading draws attention to how Microsoft can fix ransomware tomorrow. (05 Jul 2023)

Application Security Roundup - Feb

This month is all about memory safety, unless you’re a standards group. (27 Feb 2023)

An AI generated image of a robot making converation at a cocktail party

Bing’s ChatGPT

ChatGPT in the headlines again (21 Feb 2023)

a fuzzy landscape with people reading a map

The Appsec Landscape in 2023

External changes will be driving appsec in 2023. It’s time to frame the decisions in front of you. (05 Jan 2023)

screenshot from video: breaking into threat modeling

25 Years of Appsec - Appsec Global

Adam is delivering the opening keynote for OWASP Global Appsec 2021 with a 25 year restrospective on the history of appsec and a look into its future. (11 Nov 2021)

What are we going to do: CO2 edition

What happened when Microsoft tried to buy climate abatements (05 Oct 2021)

The Updates Must Go Through

The timing of updates is not coincidental. (14 Apr 2021)

Microsoft Autoupdate hangs Excel 16.47.21032301

Microsoft AutoUpdate for Mac has gotten exceptionally aggressive about running. Even if you use launchctl to disable it, you get a pop up roughly every 15 minutes of using an Office program. (26 Mar 2021)

Conway's Law and Software Security

[no description provided] (06 Jun 2018)

The Fights We Have to Fight: Fixing Bugs

[no description provided] (08 Nov 2017)

Our Favorite Content

General threat modeling posts

The Security Principles of Saltzer and Schroeder, illustrated with Star Wars

Subscribe (RSS/Mail)

RSS/ATOM: The RSS feed is here. We recommend RSS as the best way to follow this blog, and think generally RSS is the best way to take control of the information you take in. You can read our thinking here.

Email: If you’d like a lower volume set of updates on what Adam is doing, Adam’s New Thing gets only a few messages a year, guaranteed. We include a subset of posts in each.

Our site works best with Javascript enabled, however we have done our best to minimize any negative impacts to your experience without it.