Shostack + Friends Blog

Recent Blog Posts, Page 8

Threat Modeling and Logins, Redux

How to effectively threat model authentication. (11 Jun 2024)

 

William Anders

Commemorating William Anders (08 Jun 2024)

 

The Universal Cloud TM -- Threat Model Thursday

A new universal threat model - what can we learn from it? (06 Jun 2024)

 

Threat Modeling and Logins

Authentication is more frustrating to your customers when you don’t threat model. (04 Jun 2024)

 

Security Engineering roundup - May 2024

The most important stories around threat modeling, appsec and secure by design for May, 2024. (30 May 2024)

 

Blackhat Training Early Bird

The early bird pricing for my Blackhat training expires this Friday (21 May 2024)

 

Diagrams and Symbols in Threat Models

How can we think about non-standard symbols in threat modeling diagrams? (16 May 2024)

 

Secure by Design roundup - April 2024

A less busy month in appsec, AI, and regulation, but still interesting stories (08 May 2024)

 

RSA 2024

A great threat modeling talk at RSA 2024 (06 May 2024)

 

Happy Star Wars Day

(04 May 2024)

 

Sutter on Safety

What do we need to assess if memory safe langages are 'sufficient'? (29 Apr 2024)

 

Enterprise Security Weekly: Podcast Episode with Adrian Sanabria

Adam on Enterprise Security Weekly podcast (27 Apr 2024)

 

Eternal sunshine of the spotless LLM

Making an LLM forget is harder than it seems (21 Apr 2024)

 

Other comments on the CSRB Microsoft Report

Other people have written about the CSRB report, and I wanted to share their perspectives. (17 Apr 2024)

 

Leveraging our training platform

How we leverage a platform for great training (16 Apr 2024)