Shostack + Friends Blog

Recent Blog Posts, Page 12

Think like Sieged-sec?

Yet again, attackers surprise us (29 Dec 2023)

 

Giant Pink Bunny, Redux

Art is transient (27 Dec 2023)

 

Take Control of What You Read

As 2023 draws to a close, take control of what you read. (26 Dec 2023)

 

The Nazgul of Threat Modeling

(no description available) (15 Dec 2023)

 

Think like Alph-V?

(12 Dec 2023)

 

Application and AI roundup - November

A threat modeling conference, lots of government appsec guidance, and some updates from Shostack + Associates (30 Nov 2023)

 

C2PA Threat Modeling

What can we learn from the C2PA security considerations document? (29 Nov 2023)

 

Threat Modeling Thursday: Thanksgiving

What can we learn from Gunnar Peterson’s Threat Model for Thanksgiving? (23 Nov 2023)

 

Application and AI roundup - October

Exciting news from the SEC, lots of AI, and lots of threat modeling. (09 Nov 2023)

 

Security Principles in 2023

Principles are lovely, but do they lead us to actionable results? (27 Oct 2023)

 

Adversarial Thinking and Wargames

Thinking about adversarial thinking (12 Oct 2023)

 

Threat Modeling on Sale

Best price ever for Threat Modeling (06 Oct 2023)

 

Application and AI roundup - September

September was a big month in appsec for both memory safety and policy (04 Oct 2023)

 

FDA Final Cyber Guidance is out

The FDA has released their new guidance, which will be broadly impactful. (26 Sep 2023)

 

Comparing Retrospectives

We can learn a lot from comparing retrospectives (19 Sep 2023)