Shostack + Friends Blog

File folders with the focus on one labeled Assets

The Asset Trap

As we look at what's happened with the Russian attack on the US government and others via Solarwinds, I want to shine a spotlight on a lesson we can apply to threat modeling.


A Threat Modeling Manifesto

A diverse set of experts and advocates for threat modeling are releasing a threat modeling manifesto, modeled after the agile manifesto and focused on values and principles.


On Legitimacy

The legitimacy of the outcomes of our election are already under aggressive and sustained attack.


Notice the Outrage Machines

With three days to the US election, the outrage machines are running on all cylinders. It'll be easier to stay happy if you remember to notice them.