Shostack + Friends Blog

small pile of legos in various shapes

Threat Modeling Building Blocks

Threat modeling isn’t one task — its a collection of tasks that build on each other to produce more valuable insights.

screenshot of article mentioned in this post

Valuing CyberSecurity Research Datasets

A paper at the Workshop on the Economics of Information Security titled “Valuing CyberSecurity Research Datasets” focuses on the value of the IMPACT data sharing platform at DHS, and how the availability of data shapes research.

photo of astronaut after landing on the moon

Happy Apollo Day!

Today is the 50th Anniversary of ‘One small step for a man, one giant leap for mankind.’



Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF) from NIST is open for comment.