Shostack + Friends Blog

These are the books that I read in the second half of 2021 that I think are worth your time. (28 Jan 2022)

Fascinating history of a transformation in how hackers were seen. (24 Jan 2022)

Adam on #WeHackPurple podcast (22 Jan 2022)

Holy cow, we’ve added new cards to Elevation of Privilege! (20 Jan 2022)

Open threat modeling training, Q1 2022 (13 Jan 2022)

Letterlocking is a lost art of protecting letters from surriptitious readers. (12 Jan 2022)

My opening keynote from Appsec Global 2021 (10 Jan 2022)

As the year closes out, I'm thinking a lot about the allegory of the rocks and the sand. You should, too. (29 Dec 2021)

Missed it by that much! (16 Dec 2021)

Threat modeling doesn't need to be a slow, heavyweight activity! (15 Dec 2021)

There are some things the pandemic can't stop. Gävle, Sweden putting up a straw goat is one of them. (11 Dec 2021)

How to threat model medical devices? The FDA has released a playbook! (30 Nov 2021)

An important webinar by MDIC about the medical device threat modeling playbook is now available! (21 Nov 2021)

The definition of insanity is doing the same thing over and over and expecting different results. We can do better, and a major new report explains how. (15 Nov 2021)

Adam is delivering the opening keynote for OWASP Global Appsec 2021 with a 25 year restrospective on the history of appsec and a look into its future. (11 Nov 2021)