Shostack + Friends Blog

How to get back into the workflow after time away at conferences. (13 Aug 2019)

Reminders about some conference best practices. (02 Aug 2019)

What have we learned and what steps can we take? (30 Jul 2019)

A paper at the Workshop on the Economics of Information Security titled “Valuing CyberSecurity Research Datasets” focuses on the value of the IMPACT data sharing platform at DHS, and how the availability of data shapes research. (26 Jul 2019)

Today is the 50th Anniversary of ‘One small step for a man, one giant leap for mankind.’ (20 Jul 2019)

Some books worth reading, particularly related to space and history (15 Jul 2019)

Discussing online conflict on the AppSec Podcast (12 Jul 2019)

Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF) from NIST is open for comment. (11 Jul 2019)

Let’s explore the risks associated with Automated Driving. (08 Jul 2019)

The road to mediocre writing is paved with over-simplification and distraction. (05 Jul 2019)

When was the last time you looked over what our country was founded upon? (04 Jul 2019)

When was the last time you looked over what our country was founded upon? (04 Jul 2019)

Bruse Marshall has put together a useful comparison of password requirements from OWASP ASVS v3 and v4. (26 Jun 2019)

Juneteenth is the celebration of the end of slavery in the US. We should have more holidays that celebrate freedom for the sake of freedom. (19 Jun 2019)

I'm happy to say that some new research by Jay Jacobs, Wade Baker, and myself is now available, thanks to the Global Cyber Alliance. (13 Jun 2019)