Shostack + Friends Blog


Recent Blog Posts, Page 26

SDL Article in CACM

Most of my time, I'm helping organizations develop the skills and discipline to build security in. We give the best advice available, and I recognize that we're early in developing the science around how to build an SDL that works.


Bounce and Range

I want to talk about two books: Bounce, by Matthew Syed and Range, by David Epstein. I want to talk about them together in part because Range is explicitly framed as a response to Bounce.


Worthwhile Books (Q1 2020)

These are the books I read in the first quarter (and forgot to mention last quarter) that I think are worth your time.


The COVID Pandemic

I know many readers are here for the threat modeling, and I could claim that this is the “what are we going to do about it” post, which it is, but I don't want to have to blog all threat modeling all the time. So this is the “Seattle is a month into COVID-19” post.


Blackhat and Human Factors

As a member of the BlackHat Review Board, I would love to see more work on Human Factors presented there.