Shostack + Friends Blog

Recent Blog Posts, Page 19

Short reads, March 2022

Interesting articles from around the internet, March edition (28 Mar 2022)

 

The Evergreen Running Aground Problem

The Evergreen line has had another ship run aground. (23 Mar 2022)

 

How Executives Can Use Threat Modeling

You don’t have to be technical, but you can’t make informed decisions about your business without threat modeling. (18 Mar 2022)

 

Elevation of Defenses

Using games to help us explore engineering techniques (15 Mar 2022)

 

I need an extension!

A few lessons from the Mazda radio incident. (23 Feb 2022)

 

How To Choose a Threat Modeling Training

Understanding how to choose the right threat modeling training can give you the education you want for the skills you need. (18 Feb 2022)

 

Ten Questions we hope the CSRB answers

The new Cyber Safety Review Board is an opportunity to get better faster. (09 Feb 2022)

 

Worthwhile Books Q1 2022

These are the books that I read in the second half of 2021 that I think are worth your time. (28 Jan 2022)

 

Wearing Many Hats

Fascinating history of a transformation in how hackers were seen. (24 Jan 2022)

 

#WeHackPurple: Podcast Episode with Tanya Janca

Adam on #WeHackPurple podcast (22 Jan 2022)

 

Elevation of Privilege: New Cards for 2022

Holy cow, we’ve added new cards to Elevation of Privilege! (20 Jan 2022)

 

Threat Modeling Open Training: First Quarter, 2022

Open threat modeling training, Q1 2022 (13 Jan 2022)

 

Letterlocking

Letterlocking is a lost art of protecting letters from surriptitious readers. (12 Jan 2022)

 

25 Years in AppSec: Looking Back, Looking Forward

My opening keynote from Appsec Global 2021 (10 Jan 2022)

 

The Allegory of Rocks and Sand

As the year closes out, I'm thinking a lot about the allegory of the rocks and the sand. You should, too. (29 Dec 2021)