Shostack + Friends Blog

 
 
 
 

What can go wrong?

The World's Shortest Threat Modeling Video series continues with .. what can go wrong?

 
An exhausted young man

Training discounts!

Are you tired of escalations and fights after pen tests find crucial security issues at the last minute? I have a discount code for upcoming threat modeling training that can help!

 
 
 
An exhausted young man

Training - October

Are you tired of escalations and fights after pen tests find crucial security issues at the last minute? I have upcoming threat modeling training that can help!

 
 
quote from article cited in the post

The COVID testbed and AI

The pandemic gives us a chance to evaluate AI tools...you'll be shocked to discover how they did.

 
 
screenshot from NIST website referencing Executive Order 14028

Threat Model Thursday: NIST’s Code Verification Standard

Earlier this week, NIST released a Recommended Minimum Standard for Vendor or Developer Verification of Code. I want to talk about the technical standard overall, the threat modeling component, and the what the standard means now and in the future.

 
 
 
5G architecture map

Threat Model Thursday: 5G Infrastructure

The US Government's lead cybersecurity agencies have released an interesting report, and I wanted to use this for a Threat Model Thursday, where we take a respectful look at threat modeling work products to see what we can learn.