Actionable Followups from the Capital One Breach
What have we learned and what steps can we take?
Shostack + Friends Blog
Recent Blog Posts, Page 30
Valuing CyberSecurity Research Datasets
A paper at the Workshop on the Economics of Information Security titled “Valuing CyberSecurity Research Datasets” focuses on the value of the IMPACT data sharing platform at DHS, and how the availability of data shapes research.
Happy Apollo Day!
Today is the 50th Anniversary of ‘One small step for a man, one giant leap for mankind.’
Books Worth Reading: Q2 2019 (Apollo Edition)
Some books worth reading, particularly related to space and history
Threat Modeling at Layer 8
Discussing online conflict on the AppSec Podcast
NIST on SDLs
Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF) from NIST is open for comment.
Safety and Security in Automated Driving
Let’s explore the risks associated with Automated Driving.
The Road to Mediocrity
The road to mediocre writing is paved with over-simplification and distraction.
The Unanimous Declaration of the Thirteen United States of America
When was the last time you looked over what our country was founded upon?
The Unanimous Declaration of the 13 United States
When was the last time you looked over what our country was founded upon?
Passwords Advice
Bruse Marshall has put together a useful comparison of password requirements from OWASP ASVS v3 and v4.
Happy Juneteenth!
Juneteenth is the celebration of the end of slavery in the US. We should have more holidays that celebrate freedom for the sake of freedom.
DNS Security
I'm happy to say that some new research by Jay Jacobs, Wade Baker, and myself is now available, thanks to the Global Cyber Alliance.
When security goes off the rails
My newest post over at Dark Reading ponders regulation.
Polymorphic Warnings On My Mind
The more we see it, the more we ignore it.