Shostack + Friends Blog

Why do we call them trust boundaries, anyway? (06 Nov 2024)

Adam's election prediction and request. (04 Nov 2024)

In late 2024, people are being offered a choice of features versus security. (02 Nov 2024)

Trump’s cornerstone economic policy is bad for America and the world. (01 Nov 2024)

If you say liability three times, it appears! (30 Oct 2024)

I wish this election were about policy (29 Oct 2024)

Some thoughts on Russia and the election (26 Oct 2024)

Some thoughts on 25 years of the CVE program (25 Oct 2024)

Our newest course: Scaling Threat Modeling (22 Oct 2024)

(20 Oct 2024)

Threat model Thursday, let's dive deep into a detailed approach to using ATT&CK (17 Oct 2024)

Time to vote for OWASP leadership (15 Oct 2024)

One of the things we expect of a politician in a civilized country is that they put their country first. (13 Oct 2024)

Scaling threat modeling can be a challenge! (10 Oct 2024)

Output encoding is a tool, not a hammer. Or maybe it's a hammer. (07 Oct 2024)