Application and AI roundup - September
September was a big month in appsec for both memory safety and policy
Shostack + Friends Blog
FDA Final Cyber Guidance is out
The FDA has released their new guidance, which will be broadly impactful.
Comparing Retrospectives
We can learn a lot from comparing retrospectives
Open training: Threat Modeling for Champs (October)
Seats are available in our October training
Application and AI roundup - August
Lots of interesting work in LLMs (again)
Airline Close Calls
Thoughts on an article on near misses
ML Sec Ops: Feature with Diana Kelley
Adam featured on ML Sec Ops podcast
Use the Defcon Wifi
Why it’s ok to use the Defcon wifi
SEC Cybersecurity Rules
The SEC has important new cybersecurity rules
Chuck, Acme, and Remediation Avoidance
Threat modeling really CAN save you money, just ask Chuck!
Threat Modeling and Secure by Design
Our feedback to CISA is now public
Valorizing Rule-breaking
Microsoft Can Fix Ransomware Tomorrow
My latest at Dark Reading draws attention to how Microsoft can fix ransomware tomorrow.
No guns please
Art imitating life in ways you didn’t think possible
Worthwhile Books Q2 2023
Books that I read in the second quater that are worth your time include two memoirs, a great book on the security of ML, and more!