Sketching to Answer 'What are we working on?'
The latest in the World's Shortest Threat Modeling Videos.
Shostack + Friends Blog
Recent Blog Posts, Page 20
Threat Model Thursday: 5G Infrastructure
The US Government's lead cybersecurity agencies have released an interesting report, and I wanted to use this for a Threat Model Thursday, where we take a respectful look at threat modeling work products to see what we can learn.
Applied Threat Modeling at BlackHat 2021
At Blackhat USA, I'll be teaching Applied Threat Modeling.
Why Threat Model?
The second video in my 60 second series!
Juneteenth: A New Federal Holiday
Thoughts on the new federal holiday, Juneteenth
Fast threat modeling videos
I'm exploring the concept of very fast threat modeling videos.
'Not in my threat model'?
You know what's not in my threat model? A meteor hitting a volcano... And that's ok!
Ransomware is Not the Problem
Arbitrarily powerful software -- applications, operating systems -- is a problem, as is preventing it from running on enterprise systems.
Thoughts on the Executive Order
A new article by Steve Bellovin and myself at Lawfare.
Van Buren
The Supreme Court has ruled in the van Buren case, and there's a good summary on the Eff's blog.
Recording Lectures
People sometimes ask me about my recording setup, and I wanted to share some thoughts about recording good learning content.
Review: Practical Cybersecurity Architecture
Adam Shostack's review of the book Practical Cybersecurity Architecture
Using Threat Modeling to Improve Compliance (TM Thursday)
Threat model Thursday is not just back, but live again!
NSF Wants Data on Your Data Needs
The National Science Foundation is looking for information on needs for datasets.
Colonial Pipeline, Darkside and Models
The Colonial Pipeline shutdown story is interesting in all sorts of ways, and I can't delve into all of it.I did want to talk about one small aspect, which is the way responders talk about Darkside.