Shostack + Friends Blog

Posts in category "reports and data"

IoT Security & Threat Modeling

Expanding on the UK Government's ‘The Uk Code of Practice for Consumer IoT Security’ and how it aligns with Threat Modeling. (22 Apr 2021)

Most of my time, I'm helping organizations develop the skills and discipline to build security in. We give the best advice available, and I recognize that we're early in developing the science around how to build an SDL that works. (11 May 2020)

NTSB on Uber (Preliminary)

[no description provided] (25 May 2018)

Calls for an NTSB?

[no description provided] (20 Feb 2017)

Modeling Attackers and Their Motives

There are a number of reports out recently, breathlessly presenting their analysis of one threatening group of baddies or another. Most readers should, at most, skim their analysis of the perpetrators. Read on for why. (11 Nov 2014)

Our site works best with Javascript enabled, however we have done our best to minimize any negative impacts to your experience without it.