Shostack + Friends Blog

I recently had a chance to speak at the meeting for the Portland, Oregon chapter of OWASP (02 Oct 2019)

Sharing for you, bookmarking for me. (18 Sep 2019)

A breakdown of CTFs and eSports (11 Sep 2019)

I'm excited to announce that I'm hitting my STRIDE and Linkedin has released the second course in my in-depth exploration of STRIDE: Tampering. (10 Sep 2019)

Threat modeling isn’t one task — its a collection of tasks that build on each other to produce more valuable insights. (04 Sep 2019)

Just what the title says (21 Aug 2019)

I'm excited to be teaming up with Alpha Strike and Limes Security to deliver training in Vienna November 6-8. (15 Aug 2019)

How to get back into the workflow after time away at conferences. (13 Aug 2019)

Reminders about some conference best practices. (02 Aug 2019)

What have we learned and what steps can we take? (30 Jul 2019)

A paper at the Workshop on the Economics of Information Security titled “Valuing CyberSecurity Research Datasets” focuses on the value of the IMPACT data sharing platform at DHS, and how the availability of data shapes research. (26 Jul 2019)

Today is the 50th Anniversary of ‘One small step for a man, one giant leap for mankind.’ (20 Jul 2019)

Some books worth reading, particularly related to space and history (15 Jul 2019)

Discussing online conflict on the AppSec Podcast (12 Jul 2019)

Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF) from NIST is open for comment. (11 Jul 2019)