Shostack + Friends Blog

Recent Blog Posts, Page 10

Red Teaming

Red Teaming by Bryce Hoffman is a thought-provoking read. (21 Jan 2024)

 

CSRB Senate Hearing

Comments following the Senate’s CSRB hearing (19 Jan 2024)

 

Threat Modeling Capabilities Released

A great new resource for threat modeling (12 Jan 2024)

 

Red Queen Dynamics: Podcast Episode with Tarah Wheeler

Adam on Red Queen Dynamics podcast (05 Jan 2024)

 

The State of Appsec in 2024

2024 is bringing lots of AI, and Liability, too (02 Jan 2024)

 

Think like Sieged-sec?

Yet again, attackers surprise us (29 Dec 2023)

 

Giant Pink Bunny, Redux

Art is transient (27 Dec 2023)

 

Take Control of What You Read

As 2023 draws to a close, take control of what you read. (26 Dec 2023)

 

The Nazgul of Threat Modeling

(no description available) (15 Dec 2023)

 

Think like Alph-V?

(12 Dec 2023)

 

Application and AI roundup - November

A threat modeling conference, lots of government appsec guidance, and some updates from Shostack + Associates (30 Nov 2023)

 

C2PA Threat Modeling

What can we learn from the C2PA security considerations document? (29 Nov 2023)

 

Threat Modeling Thursday: Thanksgiving

What can we learn from Gunnar Peterson’s Threat Model for Thanksgiving? (23 Nov 2023)

 

Application and AI roundup - October

Exciting news from the SEC, lots of AI, and lots of threat modeling. (09 Nov 2023)

 

Security Principles in 2023

Principles are lovely, but do they lead us to actionable results? (27 Oct 2023)