Shostack + Friends Blog

Amazing and impressive photographs of the moon. (12 Jan 2020)

I joined Caroline Wong on the Humans of Infosec Podcast to discuss The Human Element of Threat Modeling. (09 Jan 2020)

For my first blog post of 2020, I want to look at threat modeling machine learning systems. (02 Jan 2020)

I'm featured in (local NPR Affiliate) KUOW's Primed: Season 3, Episode 8. (30 Dec 2019)

Almost there... (13 Dec 2019)

A few tidbits in recent news. (11 Dec 2019)

Earlier this year, I helped to organize a workshop at Schloss Dagstuhl on Empirical Evaluation of Secure Development Processes. I think the workshop was a tremendous success. (07 Dec 2019)

The time has come. (03 Dec 2019)

Just what the title says... (01 Dec 2019)

For 51 years, the gallant people of Gavle, Sweden, have been putting up a straw goat, and arsonists have been burning it. (30 Nov 2019)

[no description provided] (26 Nov 2019)

Let's talk CAKED, a threat model for managed attribution. (14 Nov 2019)

Swim lane diagrams have been formalized in message sequence charts - what that means. (06 Nov 2019)

Recently, I've seen four cybersecurity approaches for medical devices, and we can learn by juxtaposing them. (02 Nov 2019)

“Includes No Dirt” is a threat modeling approach by William Dogherty and Patrick Curry of Omada Health, and I've been meaning to write about it since it came out. (31 Oct 2019)