Shostack + Friends Blog

Almost there... (13 Dec 2019)

A few tidbits in recent news. (11 Dec 2019)

Earlier this year, I helped to organize a workshop at Schloss Dagstuhl on Empirical Evaluation of Secure Development Processes. I think the workshop was a tremendous success. (07 Dec 2019)

The time has come. (03 Dec 2019)

Just what the title says... (01 Dec 2019)

For 51 years, the gallant people of Gavle, Sweden, have been putting up a straw goat, and arsonists have been burning it. (30 Nov 2019)

[no description provided] (26 Nov 2019)

Let's talk CAKED, a threat model for managed attribution. (14 Nov 2019)

Swim lane diagrams have been formalized in message sequence charts - what that means. (06 Nov 2019)

Recently, I've seen four cybersecurity approaches for medical devices, and we can learn by juxtaposing them. (02 Nov 2019)

“Includes No Dirt” is a threat modeling approach by William Dogherty and Patrick Curry of Omada Health, and I've been meaning to write about it since it came out. (31 Oct 2019)

Some interesting things I've recently found (28 Oct 2019)

Don't go into Threat Modeling with this mindset. (23 Oct 2019)

Just what the title says. (15 Oct 2019)

Just a few things for now (09 Oct 2019)