Shostack + Friends Blog

OWASP Keynote Available for Viewing!

Watch Adam's keynote 'Stop Trying to 'Manage Risk'' From OWASP 2025

Screenshot of the cover for Adam's keynote 'Stop Trying to 'Manage Risk''

If you've been following Adam's blog posts, you may have noticed the announcement of his talk "Stop Trying to 'Manage Risk'". After careful editing by Hung Ngo (shoutout for his help!), we're excited to announce that Adam's recording from OWASP Global AppSec DC 2025 is now live! All of the talks were great, so make sure you explore the whole playlist.

While reviewing the slides is great, the live recording allows you to hear Adam's presentation as well as the live Q+A at the end. Feel free to even follow along with your own copy of the deck from our previous blog post!

The thesis remains the same: people hope risk management will solve all their cyber problems. (People includes executives, engineers.) But if you're having some initial reactions, watch the recording to hear Adam's explanation and thought process about this complex domain.

Overall, OWASP Global AppSec DC 2025 was a blast. The Shostack + Associates team was excited to deliver our first Threat Modeling Intensive training with AI and attend ThreatModCon. Thank you to everyone for making these events possible, and we can't wait to see this vibrant community soon!

Originally published by Kris on 17 Dec 2025
Categories: security videos compliance

Our Favorite Content

General threat modeling posts

The Security Principles of Saltzer and Schroeder, illustrated with Star Wars

Subscribe (RSS/Mail)

RSS/ATOM: The RSS feed is here. We recommend RSS as the best way to follow this blog, and think generally RSS is the best way to take control of the information you take in. You can read our thinking here.

Email: If you’d like a lower volume set of updates on what Adam is doing, Adam’s New Thing gets only a few messages a year, guaranteed. We include a subset of posts in each.