Shostack + Friends Blog

 

Recent Blog Posts, Page 30

NIST on SDLs

Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF) from NIST is open for comment.

 
 
 
 
 

Passwords Advice

Bruce Marshall has put together a useful comparison of password requirements from OWASP ASVS v3 and v4.

 

Happy Juneteenth!

Juneteenth is the celebration of the end of slavery in the US. We should have more holidays that celebrate freedom for the sake of freedom.

 

DNS Security

I'm happy to say that some new research by Jay Jacobs, Wade Baker, and myself is now available, thanks to the Global Cyber Alliance.

 
 
 
 

Testing Building Blocks

There are a couple of new, short (4-page), interesting papers from a team at KU Leuven discussing the building blocks of threat modeling.

 

Episode 9 Spoilers

Today is the last Star Wars Day before Episode 9 comes out, and brings the Skywalker saga to its end.