Skip to main content

Shostack + Friends Blog

An AI drawn map of the world

The Universal Cloud TM -- Threat Model Thursday

A new universal threat model - what can we learn from it? (06 Jun 2024)

A clown checking ID

Threat Modeling and Logins

Authentication is more frustrating to your customers when you don’t threat model. (04 Jun 2024)

a photograph of a robot, sitting in a library, working on a jigsaw puzzle

Security Engineering roundup - May 2024

The most important stories around threat modeling, appsec and secure by design for May, 2024. (30 May 2024)

A bird in a field of flowers

Blackhat Training Early Bird

The early bird pricing for my Blackhat training expires this Friday (21 May 2024)

A diagram legend for using symbols in threat modeling

Diagrams and Symbols in Threat Models

How can we think about non-standard symbols in threat modeling diagrams? (16 May 2024)

a cow is riding on the back of a horse. The cow is dressed as a cowboy with a hat and a lasso, and she is rounding up robots. there are lots of robots scuttling around

Secure by Design roundup - April 2024

A less busy month in appsec, AI, and regulation, but still interesting stories (08 May 2024)

A screen capture of the words ‘Teaching Software Engineers to Threat Model: We Did It, and So Can You‘

RSA 2024

A great threat modeling talk at RSA 2024 (06 May 2024)

The words ‘Star Wars is essentially a movie about data breach response — one that failed rather miserably.’

Happy Star Wars Day

(04 May 2024)

An AI image of A person typing at a computer in a text on screen, but the words are changed on the monitor of a different person's screen

Sutter on Safety

What do we need to assess if memory safe langages are 'sufficient'? (29 Apr 2024)

Podcast image

Enterprise Security Weekly: Podcast Episode with Adrian Sanabria

Adam on Enterprise Security Weekly podcast (27 Apr 2024)

Characters from Harry Potter pointing their wands at C3-P0

Eternal sunshine of the spotless LLM

Making an LLM forget is harder than it seems (21 Apr 2024)

Cartoon talk bubbles on the report title

Other comments on the CSRB Microsoft Report

Other people have written about the CSRB report, and I wanted to share their perspectives. (17 Apr 2024)

People getting training

Leveraging our training platform

How we leverage a platform for great training (16 Apr 2024)

The cover page from the Computer Safety Review Board’s ‘Review of the Summer 2023 Microsoft Exchange Online Intrusion’

CSRB Report on Microsoft

The CSRB has released its report into an intrusion at Microsoft, and...it’s a doozy. (13 Apr 2024)

Podcast image

Healthcare Info Security: Podcast Episode with Marianne Kolbasuk McGee

Adam on Healthcare Info Security podcast (07 Apr 2024)

<
1
…
5
6
7
8
9
…
43
>

Our site works best with Javascript enabled, however we have done our best to minimize any negative impacts to your experience without it.