Shostack + Friends Blog

Airline Safety

Airplanes are filthy... (01 Nov 2018)

Podcast with Ron Woerner

Another podcast, another chance to talk about Threat Modeling (29 Oct 2018)

Privacy Extension to Elevation of Privilege game

An extended version of Elevation of Privilege, now with Privacy. (17 Oct 2018)

Whitepaper cover: Measuring the Impact of DMARC's Part in Preventing Business Email Compromise

Measuring ROI for DMARC

I'm pleased to be able to share work that Shostack + Associates and the Cyentia Institute have been doing for the Global Cyber Alliance. (16 Oct 2018)

GAO Report on Equifax

I still have questions... (12 Oct 2018)

Does PCI Matter?

It's certainly not a silver bullet... (09 Oct 2018)

The Architectural Mirror (Threat Model Thursday)

[no description provided] (04 Oct 2018)

CVE Funding and Process

[no description provided] (02 Oct 2018)

Space Elevator Test

Japan has launched a miniature space elevator. (25 Sep 2018)

Reflective Practice and Threat Modeling (Threat Model Thursday)

[no description provided] (14 Sep 2018)

Threat Model Thursday: Legible Architecture

[no description provided] (23 Aug 2018)

Toolbox: After a Conference

[no description provided] (21 Aug 2018)

Threat Modeling in 2018: Attacks, Impacts and Other Updates

The slides from my Blackhat talk are now available. (13 Aug 2018)

Aretha Franklin

[no description provided] (13 Aug 2018)

CyberSecurity Hall of Fame

[no description provided] (06 Aug 2018)