Shostack + Friends Blog

 

Video Series

It will come as no surprise to regular readers of this blog that I prefer the written word to audio and video, but 2020 being 2020, I now have a YouTube Channel, with the first video below:

 
 
Amicus Brief on CFAA

I recently signed onto the amicus brief on the Computer Fraud and Abuse Act filed by the Electronic Frontier Foundation.

 
 
 
 
The Cyentia Library Relaunches

I'm excited to see that they're Re-introducing the Cyentia Research Library, with cool (new?) features like an RSS feed. There are over 1,000 corporate research reports with data that companies paid to collect, massage, and release in a way they felt would be helpful to the rest of the world.

 
Happy Juneteenth!

Juneteenth is the celebration of the end of slavery in the US. We need more holidays that celebrate freedom. Freedom isn't always comfortable or easy, but it is the precondition to the pursuit of happiness.

 
The Jenga View of Threat Modeling

I'm happy to announce Shostack & Associates' new, first, corporate white paper! It uses Jenga to explain why threat modeling efforts fail so often.

 
 
Sonatype Report on DevSecOps

The Sonatype 2020 DevSecOps Community Survey is a really interesting report. Most interesting to me is the importance of effective communication, with both tools and human communication in developer happiness.

 
 
'Best Practices for IoT Security'

There's an interesting new draft, "Best Practices for IoT Security: What Does That Even Mean?" by Christopher Bellman and Paul C. van Oorschot.

 
 

One Bad Apple

I generally try to stay on technical topics, because my understanding is that's what readers want. But events are overwhelming and I believe that not speaking out is now a political choice.