Shostack + Friends Blog

Application Security Roundup - October and Nov

Interesting reads this month include signals from the administration, a history of appsec by one of the originals, and a longread from Apple about kernel memory design. (30 Nov 2022)

Trainings and discounts

People learning together (11 Nov 2022)

Miro Threat Modeling Template for EoP

A Miro template for Elevation of Privilege (10 Nov 2022)

Medical Device Threat Modeling Boot Camp

Oh my gosh, the boot camps are back! (01 Nov 2022)

Worthwhile Books Q3 2022

The books I read in the third quarter of 2022 that are worth your time. (23 Oct 2022)

Bic Transit Gloria Mundi

Is it really cheating if you learn? (15 Oct 2022)

Application Security Roundup - September

Interesting appsec posts: machine learning, performance, and C4 (30 Sep 2022)

Oregon Forestry

You think shipping takes you a long time? (16 Sep 2022)

Threat Modeling for Security Champs

Our next open course is in just a few weeks! (14 Sep 2022)

Doing an AMA

I'm doing a reddit AMA in /r/privacy (09 Sep 2022)

a person learning in a distributed course

Threat Modeling Training Announcements Fall, 2022

Our fall course offerings (06 Sep 2022)

Threats — The Cover

So excited to share the cover with you (19 Aug 2022)

Podcast: A Fully Trained Jedi

A fun podcast with the ITSP team. (02 Aug 2022)

Application Security Roundup - July

Interesting appsec posts: machine learning, performance, and C4 (30 Jul 2022)

The Buffet Overflow cafe

The Buffet Overflow Cafe is now accepting orders, both local and remote 🥁 (22 Jul 2022)