Shostack + Friends Blog

As the year closes out, I'm thinking a lot about the allegory of the rocks and the sand. You should, too. (29 Dec 2021)

Missed it by that much! (16 Dec 2021)

Threat modeling doesn't need to be a slow, heavyweight activity! (15 Dec 2021)

There are some things the pandemic can't stop. Gävle, Sweden putting up a straw goat is one of them. (11 Dec 2021)

How to threat model medical devices? The FDA has released a playbook! (30 Nov 2021)

An important webinar by MDIC about the medical device threat modeling playbook is now available! (21 Nov 2021)

The definition of insanity is doing the same thing over and over and expecting different results. We can do better, and a major new report explains how. (15 Nov 2021)

Adam is delivering the opening keynote for OWASP Global Appsec 2021 with a 25 year restrospective on the history of appsec and a look into its future. (11 Nov 2021)

A video interview by OWASP leader Vandana Verma, on the topic of breaking into threat modeling. (01 Nov 2021)

Tremendous training opportunities in threat modeling and other topics at Appsec Global 2021 (20 Oct 2021)

What happened when Microsoft tried to buy climate abatements (05 Oct 2021)

We learn while we're having fun. Some takeaways from a recent play to learn session. (28 Sep 2021)

New at Darkreading, a post on NIST and threat modeling (23 Sep 2021)

Andrew Stewart has an excellent new book, A Vulnerable System. (13 Sep 2021)

The World's Shortest Threat Modeling Video series continues with .. what can go wrong? (10 Sep 2021)