Shostack + Friends Blog

Recent Blog Posts, Page 12

The Nazgul of Threat Modeling

(no description available) (15 Dec 2023)

 

Think like Alph-V?

(12 Dec 2023)

 

Application and AI roundup - November

A threat modeling conference, lots of government appsec guidance, and some updates from Shostack + Associates (30 Nov 2023)

 

C2PA Threat Modeling

What can we learn from the C2PA security considerations document? (29 Nov 2023)

 

Threat Modeling Thursday: Thanksgiving

What can we learn from Gunnar Peterson’s Threat Model for Thanksgiving? (23 Nov 2023)

 

Application and AI roundup - October

Exciting news from the SEC, lots of AI, and lots of threat modeling. (09 Nov 2023)

 

Security Principles in 2023

Principles are lovely, but do they lead us to actionable results? (27 Oct 2023)

 

Adversarial Thinking and Wargames

Thinking about adversarial thinking (12 Oct 2023)

 

Threat Modeling on Sale

Best price ever for Threat Modeling (06 Oct 2023)

 

Application and AI roundup - September

September was a big month in appsec for both memory safety and policy (04 Oct 2023)

 

FDA Final Cyber Guidance is out

The FDA has released their new guidance, which will be broadly impactful. (26 Sep 2023)

 

Comparing Retrospectives

We can learn a lot from comparing retrospectives (19 Sep 2023)

 

Open training: Threat Modeling for Champs (October)

Seats are available in our October training (14 Sep 2023)

 

Application and AI roundup - August

Lots of interesting work in LLMs (again) (30 Aug 2023)

 

Airline Close Calls

Thoughts on an article on near misses (22 Aug 2023)