Shostack + Friends Blog

Adam on the Scale to Zero podcast (12 Jun 2024)

How to effectively threat model authentication. (11 Jun 2024)

Commemorating William Anders (08 Jun 2024)

A new universal threat model - what can we learn from it? (06 Jun 2024)

Authentication is more frustrating to your customers when you don’t threat model. (04 Jun 2024)

The most important stories around threat modeling, appsec and secure by design for May, 2024. (30 May 2024)

The early bird pricing for my Blackhat training expires this Friday (21 May 2024)

How can we think about non-standard symbols in threat modeling diagrams? (16 May 2024)

A less busy month in appsec, AI, and regulation, but still interesting stories (08 May 2024)

A great threat modeling talk at RSA 2024 (06 May 2024)

(04 May 2024)

(30 Apr 2024)

What do we need to assess if memory safe langages are 'sufficient'? (29 Apr 2024)

Adam on Enterprise Security Weekly podcast (27 Apr 2024)

Making an LLM forget is harder than it seems (21 Apr 2024)