Shostack + Friends Blog

It's Not Working!

Help me help you...

As we launched the threat modeling manifesto, we ran into some trouble with TLS. Some of you even reported those troubles, by saying "it's not working."

Thanks.

That's so helpful.

Sarcasm aside, there's a basic form to a helpful bug report: "I did A, and observed B." If you want to make it really useful, add "I expected C," or even "and the impact is D."

Let me compare and contrast with an example:

"I clicked on the link I see in your post at (URL) in Chrome 86 on MacOS big sur, and I get a message "Host not found."

Again, to compare and contrast: "I tried to follow the link..." (How? Which link?)

Originally published by Adam on 25 Nov 2020
Categories: best practice

Our Favorite Content

General threat modeling posts

The Security Principles of Saltzer and Schroeder, illustrated with Star Wars

Subscribe (RSS/Mail)

RSS/ATOM: The ATOM feed is here. We recommend RSS as the best way to follow this blog, and think generally RSS is the best way to take control of the information you take in. You can read our thinking here.

Email: If you’d like a lower volume set of updates on what Adam is doing, Adam’s New Thing gets only a few messages a year, guaranteed. We include a subset of posts in each.