Shostack + Friends Blog

 

Posts in category "threat model thursday"

 
 
 
 
 
A set of cards with threats like our deployment artifacts contain secrets that can be extracted

Cumulus

Cumulus is a cloud-oriented version of Elevation of Privilege

 
 
 
 
screenshot from NIST website referencing Executive Order 14028

Threat Model Thursday: NIST’s Code Verification Standard

Earlier this week, NIST released a Recommended Minimum Standard for Vendor or Developer Verification of Code. I want to talk about the technical standard overall, the threat modeling component, and the what the standard means now and in the future.

 
5G architecture map

Threat Model Thursday: 5G Infrastructure

The US Government's lead cybersecurity agencies have released an interesting report, and I wanted to use this for a Threat Model Thursday, where we take a respectful look at threat modeling work products to see what we can learn.

 
 
 
 

IoT Security & Threat Modeling

Expanding on the UK Government's ‘The Uk Code of Practice for Consumer IoT Security’ and how it aligns with Threat Modeling.

 
 
 
 
 
 
 
 
 

Threat Model Thursday: Games

For reasons I can't quite talk about yet, this has been a super busy time, and I look forward to sharing the exciting developments that have kept me occupied.

 
 
 
 
 
 
testing building blocks of threat modeling

Testing Building Blocks

There are a couple of new, short (4-page), interesting papers from a team at KU Leuven discussin the building blocks of threat modeling.