Ten Questions we hope the CSRB answers
The new Cyber Safety Review Board is an opportunity to get better faster.
Shostack + Friends Blog
Recent Blog Posts, Page 19
Worthwhile Books Q1 2022
These are the books that I read in the second half of 2021 that I think are worth your time.
Wearing Many Hats
Fascinating history of a transformation in how hackers were seen.
#WeHackPurple: Podcast Episode with Tanya Janca
Adam on #WeHackPurple podcast
Elevation of Privilege: New Cards for 2022
Holy cow, we’ve added new cards to Elevation of Privilege!
Threat Modeling Open Training: First Quarter, 2022
Open threat modeling training, Q1 2022
Letterlocking
Letterlocking is a lost art of protecting letters from surriptitious readers.
25 Years in AppSec: Looking Back, Looking Forward
My opening keynote from Appsec Global 2021
The Allegory of Rocks and Sand
As the year closes out, I'm thinking a lot about the allegory of the rocks and the sand. You should, too.
Missed it by that much!
Missed it by that much!
Fast, Cheap + Good Whitepaper
Threat modeling doesn't need to be a slow, heavyweight activity!
Gävle Goat, 2021 edition
There are some things the pandemic can't stop. Gävle, Sweden putting up a straw goat is one of them.
FDA Threat Modeling Playbook Now Available
How to threat model medical devices? The FDA has released a playbook!
Medical Device Threat Modeling Webinar
An important webinar by MDIC about the medical device threat modeling playbook is now available!
Learning Lessons from Aviation
The definition of insanity is doing the same thing over and over and expecting different results. We can do better, and a major new report explains how.