OWASP Keynote Available for Viewing!
Watch Adam's keynote 'Stop Trying to 'Manage Risk'' From OWASP 2025
If you've been following Adam's blog posts, you may have noticed the announcement of his talk Stop Trying to Manage Risk. We're excited to announce that Adam's keynote from OWASP Global AppSec DC 2025 is now available! All of the talks were great, so make sure you explore the whole playlist.
While reviewing the slides is great, the live recording allows you to hear Adam's presentation as well as the live Q+A at the end. Feel free to even follow along with your own copy of the deck from our previous blog post!
The thesis remains the same: people hope risk management will solve all their cyber problems. (People includes executives, engineers.) But if you're having some initial reactions, watch the recording to hear Adam's explanation and thought process about this complex domain.
Overall, OWASP Global AppSec DC 2025 was a blast. The Shostack + Associates team was excited to deliver our first Threat Modeling Intensive training with AI and attend ThreatModCon. Thank you to everyone for making these events possible, and we can't wait to see this vibrant community again!
Also, thanks to Hung Ngo for his careful editing work.
[Update, Dec 30: Some thoughtful commentary:
- Conversation with Richard Seiersen in Linkedin comments
- A GRC Practitioner's Response by Steve McMichael