Shostack + Friends Blog

Recent Blog Posts, Page 24

A Threat Modeling Manifesto

A diverse set of experts and advocates for threat modeling are releasing a threat modeling manifesto, modeled after the agile manifesto and focused on values and principles. (17 Nov 2020)

 

On Legitimacy (After the Election)

Additional thoughts on the subject. (11 Nov 2020)

 

Friday Star Wars: Lego Holiday Celebration

A little something to make you smile today: (06 Nov 2020)

 

Maps and Visualization

A colorful map shares a powerful message. (04 Nov 2020)

 

On Legitimacy

The legitimacy of the outcomes of our election are already under aggressive and sustained attack. (02 Nov 2020)

 

Notice the Outrage Machines

With three days to the US election, the outrage machines are running on all cylinders. It'll be easier to stay happy if you remember to notice them. (31 Oct 2020)

 

On Monopolies

In a simpler age, Matt Stoller famously lost his job for critiquing Google. (09 Oct 2020)

 

Training: Threat Modeling for Security Champions

Expanding on our distributed class structure. (07 Oct 2020)

 

A PCI Threat Model

Compliance isn't Security, oh and something I wrote. (24 Sep 2020)

 

Mentions

A few recent mentions (23 Sep 2020)

 

Starting Threat Modeling: Focused Retrospectives are Key

Don't skip this important step. (17 Sep 2020)

 

Threat Modeling, Insiders and Incentives

Inspired by the recent story of Tesla's insider, I'd like to discuss insider threat as it fits into threat modeling. (10 Sep 2020)

 

Phil Venables Blogging

It's not LinkedIn posts or Tweets, but a real live blog. (07 Sep 2020)

 

The Uber CSO indictment

Thoughts on Mark Rasch's essay, Conceal and Fail to Report - The Uber CSO Indictment (28 Aug 2020)

 

Podcast with Sidney Dekker

This is a really interesting podcast interview with Sidney Dekker, who's one of the most important thinkers in safety. (26 Aug 2020)