Elevation of Defenses
Using games to help us explore engineering techniques
Shostack + Friends Blog
I need an extension!
A few lessons from the Mazda radio incident.
How To Choose a Threat Modeling Training
Understanding how to choose the right threat modeling training can give you the education you want for the skills you need.
Ten Questions we hope the CSRB answers
The new Cyber Safety Review Board is an opportunity to get better faster.
Worthwhile Books Q1 2022
These are the books that I read in the second half of 2021 that I think are worth your time.
Wearing Many Hats
Fascinating history of a transformation in how hackers were seen.
Elevation of Privilege: New Cards for 2022
Holy cow, we’ve added new cards to Elevation of Privilege!
Threat Modeling Open Training: First Quarter, 2022
Open threat modeling training, Q1 2022
Letterlocking
Letterlocking is a lost art of protecting letters from surriptitious readers.
25 Years in AppSec: Looking Back, Looking Forward
My opening keynote from Appsec Global 2021
The Allegory of Rocks and Sand
As the year closes out, I'm thinking a lot about the allegory of the rocks and the sand. You should, too.
Missed it by that much!
Missed it by that much!
Fast, Cheap + Good Whitepaper
Threat modeling doesn't need to be a slow, heavyweight activity!
Gävle Goat, 2021 edition
There are some things the pandemic can't stop. Gävle, Sweden putting up a straw goat is one of them.
FDA Threat Modeling Playbook Now Available
How to threat model medical devices? The FDA has released a playbook!