Shostack + Friends Blog

Interesting Reads: Risk, Automation, lessons and more!

Just what the title says.

The Cybok project has released its v1 "Risk Management & Governance Knowledge Area"; I was a reviewer.
Towards Automated Security Design Flaw Detection is an interesting paper from academics in Belgium and Sweden.
Steve Lipner offers "Lessons learned through 15 years of SDL at work"
Charles Wilson has perspective on threat modeling devices in "Does That Come in a Large? OS Scale in Threat Modeling
Lastly, apparently cockroaches can be magnetized: "Magnetized Dead Cockroaches Study Wins Ig Nobel — and It’s Amazingly Interesting."

Originally published by Adam on 15 Oct 2019
Categories: risk science software engineering threat modeling

Our Favorite Content

The Security Principles of Saltzer and Schroeder, illustrated with Star Wars

Subscribe (RSS/Mail)

RSS/ATOM: The ATOM feed is here. We recommend RSS as the best way to follow this blog, and think generally RSS is the best way to take control of the information you take in. You can read our thinking here.

Email: If you’d like a lower volume set of updates on what Adam is doing, Adam’s New Thing gets only a few messages a year, guaranteed. We include a subset of posts in each.

Eternal sunshine of the spotless LLM

21 Apr 2024

Making an LLM forget is harder than it seems

Other comments on the CSRB Microsoft Report

17 Apr 2024

Leveraging our training platform

16 Apr 2024

How we leverage a platform for great training

CSRB Report on Microsoft

13 Apr 2024

The CSRB has released its report into an intrusion at Microsoft, and ... it’s a doozy.