Shostack + Friends Blog

Resources for Infosec Skillbuilding

The Threat Modeling Book has been featured on a list of resources by Digital Guardian. (12 Dec 2018)

Cover of House Oversight Committee report

House Oversight Committee on Equifax

The House Oversight Committee has released a scathing report on Equifax... (11 Dec 2018)

Structures, Engineering and Security

J.E. Gordon’s Structures, or Why Things Don’t Fall Down is a fascinating and accessible book. Why don’t things fall down? It turns out this is a simple question with some very deep answers. (07 Dec 2018)

Gavelblocken, 2018

The Gavle Goat is up. (29 Nov 2018)

Books which are worth your time: Q4

Some books worth reading. (26 Nov 2018)

Threat Modeling in 2018: Attacks, Impacts and Other Updates

Check out my talk from Blackhat 2018 (15 Nov 2018)

view of globe showing Northern Passage and Suez Canal routes for nautical travel from Vladivostok, Russia to Bremerhaven, Germany

Change in the Weather

Some recent changes in the weather... (09 Nov 2018)

Airline Safety

Airplanes are filthy... (01 Nov 2018)

Podcast with Ron Woerner

Another podcast, another chance to talk about Threat Modeling (29 Oct 2018)

Privacy Extension to Elevation of Privilege game

An extended version of Elevation of Privilege, now with Privacy. (17 Oct 2018)

Whitepaper cover: Measuring the Impact of DMARC's Part in Preventing Business Email Compromise

Measuring ROI for DMARC

I'm pleased to be able to share work that Shostack + Associates and the Cyentia Institute have been doing for the Global Cyber Alliance. (16 Oct 2018)

GAO Report on Equifax

I still have questions... (12 Oct 2018)

Does PCI Matter?

It's certainly not a silver bullet... (09 Oct 2018)

The Architectural Mirror (Threat Model Thursday)

[no description provided] (04 Oct 2018)

CVE Funding and Process

[no description provided] (02 Oct 2018)