Shostack + Friends Blog

The ship from 2001 shooting as if it's a death star

2001, as directed by George Lucas

An amazing mash-up (11 Feb 2023)

The cover of the Jan 2023 IEEE Security magazine

Usable Security and Privacy for Engineers

The new IEEE S+P is all about usable security. (09 Feb 2023)

An AI generated image with a watermark of dreamtime

Watermarks

Watermarks show us wierd edges of AI work (03 Feb 2023)

Application Security Roundup - January

So many interesting articles from AI to an organizatoion of socio-technical harms, fascinating incident reports about Uber and Circle CI and some history of attack trees. (30 Jan 2023)

Fumée d'incendie

(29 Jan 2023)

The Hacker Mind

Adam spoke with Robert Vamosi of The Hacker Mind podcast (27 Jan 2023)

Not all developers can be Jedi

Adam joined Paul Roberts on the Conversing Labs podcast (23 Jan 2023)

An amazon screencapture showing threats as the #1 new release in Computer Network Security, and delivering overnight

Threats, To The Supply Chain

The threats book is in the supply chain, inconsistently. (22 Jan 2023)

An evil looking person at an old fashioned typewriter

Friday Star Wars: Presidents Daily Brief

The return of the (my) Friday Star Wars posts (20 Jan 2023)

Adam playing with a T-16 in the book's launch poster

Threats Book Launch Party

The live launch party for Threats! (19 Jan 2023)

A stack of copies of threats: what every engineer should learn from star wars

Threats Book is Complete

The serious side of the book (17 Jan 2023)

Threats: The Table of Contents

Like the Force, each threat has a light side, and a dark side. (16 Jan 2023)

Threat Modeling is Measure Twice, Cut Once

Threat Modeling is the software version of measure twice, cut once. (12 Jan 2023)

a fuzzy landscape with people reading a map

The Appsec Landscape in 2023

External changes will be driving appsec in 2023. It’s time to frame the decisions in front of you. (05 Jan 2023)

The Last 747

Thoughts on the last 747, and engineering culture. (30 Dec 2022)