Shostack + Friends Blog

Thoughts on Mark Rasch's essay, Conceal and Fail to Report - The Uber CSO Indictment (28 Aug 2020)

This is a really interesting podcast interview with Sidney Dekker, who's one of the most important thinkers in safety. (26 Aug 2020)

How to play in person games while maintaining safe distances. (24 Aug 2020)

These are the books that I read in Q2 2020 that I think are worth your time. (19 Aug 2020)

Informal training may work in some cases, but Threat Modeling skills should be passed on through more formal means. (18 Aug 2020)

I have something to disclose... (14 Aug 2020)

I'll be speaking at the MDIC's Annual Public Forum today, discussing how threat modeling helps bring maturity to the medtech sector. (13 Aug 2020)

A talk from the Biohacking Village at DefCon brought up a good point. (12 Aug 2020)

A few tips on getting the most out of attending a virtual security conference. (31 Jul 2020)

A recent post from Helen L. of the UK’s NCSC, A sociotechnical approach to cyber security, shares the context of socio-technical approaches. (24 Jul 2020)

Not usually one for the video format, I'm expanding my horizons thanks to 2020 being what it is. (21 Jul 2020)

I enjoyed being a guest on Software Engineering Radio in this in depth interview. (15 Jul 2020)

I recently signed onto the amicus brief on the Van Buren/Computer Fraud and Abuse Act filed by the Electronic Frontier Foundation. (13 Jul 2020)

The Internet Society Open Letter Against Lawful Access to Encrypted Data Act was published this morning. (07 Jul 2020)

A recent talk by Alyssa Miller focuses on integrating threat modeling in devops. (02 Jul 2020)