Shostack + Friends Blog

A few thoughts from a clickbait headline (16 Nov 2024)

BlackHat invites human factors work (19 Feb 2024)

An interesting discovery, hidden in Leonardo da Vinci's notebooks (10 Mar 2023)

A beautiful comparison site that allows you to see how the Webb telescope compares to Hubble. (18 Jul 2022)

I've been working with the CyberGreen Institute to develop public health as a way of thinking about cybersecurity. (02 Jun 2022)

Life will find a way! (13 May 2022)

Roger Grimes has an exciting new model of scams that's going to transform how we teach people ot defend against them. (31 Mar 2022)

The Evergreen line has had another ship run aground. (23 Mar 2022)

The definition of insanity is doing the same thing over and over and expecting different results. We can do better, and a major new report explains how. (15 Nov 2021)

What happened when Microsoft tried to buy climate abatements (05 Oct 2021)

The pandemic gives us a chance to evaluate AI tools...you'll be shocked to discover how they did. (04 Aug 2021)

A new article by Steve Bellovin and myself at Lawfare. (07 Jun 2021)

The National Science Foundation is looking for information on needs for datasets. (20 May 2021)

The Colonial Pipeline shutdown story is interesting in all sorts of ways, and I can't delve into all of it.I did want to talk about one small aspect, which is the way responders talk about Darkside. (15 May 2021)

If everyone agrees on what we should do, why do we seem incapable of doing it? (23 Apr 2021)

You may have noticed that my end of the year posts are all science focused. Today, a set of resources on the COVID vaccines. (28 Dec 2020)

It's easy to forget that the Lunar Reconnaissance Orbiter has been circling the moon for nearly a dozen years.. (27 Dec 2020)

Check out this close-up of a dinosaur tail preserved in amber! (24 Dec 2020)

The video of my Distinguished Lecture at Ruhr University Bochum is now online, and I've got reference to share as well. (07 Dec 2020)

A recent post from Helen L. of the UK’s NCSC, A sociotechnical approach to cyber security, shares the context of socio-technical approaches. (24 Jul 2020)

Phil Bull presents an interesting, generally convincing, argument in 'Why you can ignore reviews of scientific code by commercial software developers', with a couple of exceptions. (26 May 2020)

Understanding the way intrusions really happen is a long-standing interest of mine. (20 May 2020)

As a member of the BlackHat Review Board, I would love to see more work on Human Factors presented there. (26 Feb 2020)

Earlier this year, I helped to organize a workshop at Schloss Dagstuhl on Empirical Evaluation of Secure Development Processes. I think the workshop was a tremendous success. (07 Dec 2019)

Just what the title says. (15 Oct 2019)

Threat modeling isn’t one task — its a collection of tasks that build on each other to produce more valuable insights. (04 Sep 2019)

A paper at the Workshop on the Economics of Information Security titled “Valuing CyberSecurity Research Datasets” focuses on the value of the IMPACT data sharing platform at DHS, and how the availability of data shapes research. (26 Jul 2019)

The more we see it, the more we ignore it. (29 May 2019)

[no description provided] (25 May 2018)

Near misses are an important source of information for avoiding accidents, and it's a shame we don't use them in cybersecurity. (06 Feb 2018)

[no description provided] (05 Jan 2018)

[no description provided] (20 Sep 2017)

[no description provided] (25 Aug 2017)

[no description provided] (11 Aug 2017)

[no description provided] (30 Jun 2017)

[no description provided] (05 Jun 2017)

[no description provided] (25 Apr 2017)