Shostack + Friends Blog

 

Recent Blog Posts, Page 25

MDIC Annual Public Forum

I'll be speaking at the MDIC's Annual Public Forum today, discussing how threat modeling helps bring maturity to the medtech sector.

 
 
 
 

Video Series

Not usually one for the video format, I'm expanding my horizons thanks to 2020 being what it is.

 
 

Amicus Brief on CFAA

I recently signed onto the amicus brief on the Van Buren/Computer Fraud and Abuse Act filed by the Electronic Frontier Foundation.

 
 
 
 

The Cyentia Library Relaunches

I'm excited to see that they're Re-introducing the Cyentia Research Library, with cool (new?) features like an RSS feed. There are over 1,000 corporate research reports with data that companies paid to collect, massage, and release in a way they felt would be helpful to the rest of the world.

 

Happy Juneteenth!

Juneteenth is the celebration of the end of slavery in the US. We need more holidays that celebrate freedom. Freedom isn't always comfortable or easy, but it is the precondition to the pursuit of happiness.

 

The Jenga View of Threat Modeling

I'm happy to announce Shostack + Associate's new, first, corporate white paper! It uses Jenga to explain why threat modeling efforts fail so often.

 
 

Sonatype Report on DevSecOps

The Sonatype 2020 DevSecOps Community Survey is a really interesting report. Most interesting to me is the importance of effective communication, with both tools and human communication in developer happiness.