Shostack + Friends Blog

Posts in category "threat model thursday"

Threat Model Thursday: NIST’s Code Verification Standard

Earlier this week, NIST released a Recommended Minimum Standard for Vendor or Developer Verification of Code. I want to talk about the technical standard overall, the threat modeling component, and what the standard means now and in the future.

Threat Model Thursday: 5G Infrastructure

The US Government's lead cybersecurity agencies have released an interesting report, and I wanted to use this for a Threat Model Thursday, where we take a respectful look at threat modeling work products to see what we can learn.

Threat Model Thursday: Technology Consumers

There's an interesting paper by Becky Kazansky, "It depends on your threat model": the anticipatory dimensions of resistance to data-driven surveillance. The author critiques 'anticipatory data practices', a collection of techniques that include my own work, as presented to civil society activists. It opens "While many forms of data-driven surveillance are now a ‘fact’ of contemporary life amidst datafication, obtaining concrete knowledge of how different institutions exploit data presents an ongoing challenge, requiring the expertise and power to untangle increasingly complex and opaque technological and institutional arrangements."

Threat Model Thursday: Games

For reasons I can't quite talk about yet, this has been a super busy time, and I look forward to sharing the exciting developments that have kept me occupied.

Testing Building Blocks

There are a couple of new, short (4-page), interesting papers from a team at KU Leuven including: