Shostack + Friends Blog

An important step towards cyber public health (16 Jan 2025)

(05 Jan 2025)

We have a new paper at NDSS (26 Feb 2024)

“It depends on your threat model...” (29 Apr 2021)

Something to consider (04 Dec 2020)

Contextualisation of Data Flow Diagrams for security analysis is a new paper to which I contributed. (09 Jun 2020)

There's an interesting new draft, Best Practices for IoT Security: What Does That Even Mean? by Christopher Bellman and Paul C. van Oorschot. (08 Jun 2020)

Most of my time, I'm helping organizations develop the skills and discipline to build security in. We give the best advice available, and I recognize that we're early in developing the science around how to build an SDL that works. (11 May 2020)

This week's threat model Thursday looks at an academic paper, Security Threat Modeling: Are Data Flow Diagrams Enough? by Laurens Sion and colleagues. (23 Apr 2020)

Earlier this year, I helped to organize a workshop at Schloss Dagstuhl on Empirical Evaluation of Secure Development Processes. I think the workshop was a tremendous success. (07 Dec 2019)

A paper at the Workshop on the Economics of Information Security titled “Valuing CyberSecurity Research Datasets” focuses on the value of the IMPACT data sharing platform at DHS, and how the availability of data shapes research. (26 Jul 2019)

Let’s explore the risks associated with Automated Driving. (08 Jul 2019)

The more we see it, the more we ignore it. (29 May 2019)

I'm pleased to be able to share work that Shostack + Associates and the Cyentia Institute have been doing for the Global Cyber Alliance. (16 Oct 2018)

[no description provided] (04 Dec 2017)

[no description provided] (20 Jul 2017)

[no description provided] (24 May 2017)

[no description provided] (25 Apr 2017)

[no description provided] (24 Apr 2017)

[no description provided] (18 Apr 2017)

[no description provided] (20 Feb 2017)