Shostack + Friends Blog

Recent Blog Posts, Page 7

Lockbit, a study in public health

Why is it hard to count lockbit infections? (15 Jun 2024)

 

Why I don't engage with Sean Hastings

Mr. Hastings has been charged with crimes against me, and the police advise me to not engage. (14 Jun 2024)

 

Scale to Zero

Adam on the Scale to Zero podcast (12 Jun 2024)

 

Threat Modeling and Logins, Redux

How to effectively threat model authentication. (11 Jun 2024)

 

William Anders

Commemorating William Anders (08 Jun 2024)

 

The Universal Cloud TM -- Threat Model Thursday

A new universal threat model - what can we learn from it? (06 Jun 2024)

 

Threat Modeling and Logins

Authentication is more frustrating to your customers when you don’t threat model. (04 Jun 2024)

 

Security Engineering roundup - May 2024

The most important stories around threat modeling, appsec and secure by design for May, 2024. (30 May 2024)

 

Blackhat Training Early Bird

The early bird pricing for my Blackhat training expires this Friday (21 May 2024)

 

Diagrams and Symbols in Threat Models

How can we think about non-standard symbols in threat modeling diagrams? (16 May 2024)

 

Secure by Design roundup - April 2024

A less busy month in appsec, AI, and regulation, but still interesting stories (08 May 2024)

 

RSA 2024

A great threat modeling talk at RSA 2024 (06 May 2024)

 

Happy Star Wars Day

(04 May 2024)

 

Sutter on Safety

What do we need to assess if memory safe langages are 'sufficient'? (29 Apr 2024)

 

Enterprise Security Weekly: Podcast Episode with Adrian Sanabria

Adam on Enterprise Security Weekly podcast (27 Apr 2024)