Shostack + Friends Blog

Recent Blog Posts, Page 25

Internet Society Opposition to LAED Act

The Internet Society Open Letter Against Lawful Access to Encrypted Data Act was published this morning. (07 Jul 2020)

 

Threat Model In My Devops

A recent talk by Alyssa Miller focuses on integrating threat modeling in devops. (02 Jul 2020)

 

Threat Modeling and the SAFE Framework

My thoughts on an interesting blog post discussing how to bring threat modeling into the Scaled Agile Framework. (30 Jun 2020)

 

The Cyentia Library Relaunches

I'm excited to see that they're Re-introducing the Cyentia Research Library, with cool (new?) features like an RSS feed. There are over 1,000 corporate research reports with data that companies paid to collect, massage, and release in a way they felt would be helpful to the rest of the world. (22 Jun 2020)

 

Happy Juneteenth!

Juneteenth is the celebration of the end of slavery in the US. We need more holidays that celebrate freedom. Freedom isn't always comfortable or easy, but it is the precondition to the pursuit of happiness. (19 Jun 2020)

 

The Jenga View of Threat Modeling

I'm happy to announce Shostack + Associate's new, first, corporate white paper! It uses Jenga to explain why threat modeling efforts fail so often. (16 Jun 2020)

 

Threat Research: More Like This

I want to call out some impressive aspects of a report by Proofpoint. (14 Jun 2020)

 

Sonatype Report on DevSecOps

The Sonatype 2020 DevSecOps Community Survey is a really interesting report. Most interesting to me is the importance of effective communication, with both tools and human communication in developer happiness. (12 Jun 2020)

 

Contextualisation of Data Flow Diagrams...

Contextualisation of Data Flow Diagrams for security analysis is a new paper to which I contributed. (09 Jun 2020)

 

'Best Practices for IoT Security'

There's an interesting new draft, Best Practices for IoT Security: What Does That Even Mean? by Christopher Bellman and Paul C. van Oorschot. (08 Jun 2020)

 

Evidence Based Security

Check out “The Need for Evidence Based Security” by Chris Frenz. (04 Jun 2020)

 

One Bad Apple

I generally try to stay on technical topics, because my understanding is that's what readers want. But events are overwhelming and I believe that not speaking out is now a political choice. (03 Jun 2020)

 

SLR as a Webcam

As I built out my home studio to record videos for my distributed classes, I was lucky enough to be able to find an in-stock HDMI capture card, but those are harder and harder to find. As it turns out, you may be able to avoid the need for that with a mix of apps. (28 May 2020)

 

Code: science and production

Phil Bull presents an interesting, generally convincing, argument in 'Why you can ignore reviews of scientific code by commercial software developers', with a couple of exceptions. (26 May 2020)

 

How Are Computers Compromised (2020 Edition)

Understanding the way intrusions really happen is a long-standing interest of mine. (20 May 2020)