Hey you! Out there beyond the wall, breaking bottles in the hall, you haven’t removed this feed from your RSS reader! If you add this feed there’s a training discount on my next open training course, kicking off October 11.Read More Training Discount
If you’re seeing this in your feed, have you also seen a bad Star Wars joke? Because I’ve got one on the new blog. Please add https://shostack.org/feed.xml, or replace the feed you’re reading with it. (This is the adam.shostack.org version of this post; the new post is just at shostack.org)Read More Star Wars Jokes?
I’m in the process of replacing this site, threatmodelingbook.com, and the associates.shostack.org site with a new, unified https://shostack.org. I’ll be saying more about the redesign, but as part of it, I’m migrating the blog over there. There are a few new posts there that I forgot to mirror here, including: Threat Modeling Through the JoHari…Read More Blog updates
Twenty-five years ago I published a set of code review guidelines that I had crafted while working for a bank. I released them (thanks, SteveMac!) to get feedback and advice, because back then, there was exceptionally little in terms of practical advice on what we now call AppSec. Looking back at what’s there: it’s explicitly…Read More 25 Years In Appsec: Looking Back
There’s a really interesting article in MIT Tech Review, Hundreds of AI tools have been built to catch covid. None of them helped. Oops, I think I gave away the ending. But there’s a lot of fascinating details: Many unwittingly used a data set that contained chest scans of children who did not have covid…Read More The COVID testbed and AI
Earlier this week, NIST released a Recommended Minimum Standard for Vendor or Developer Verification of Code. I want to talk about the technical standard overall, the threat modeling component, and the what the standard means now and in the future. To summarize: new requirements are coming to a project near you, and getting ready now…Read More Threat Model Thursday: NIST’s Code Verification Standard
It’s the latest in the World’s Shortest Threat Modeling videos! Also, I set up https://bit.ly/adam-yt to make it easy to find my Youtube channel.Read More Collaboration in Threat Modeling
The latest in the World’s Shortest Threat Modeling Videos:Read More Sketching to Answer “What Are We Working On?”
The US Government’s lead cybersecurity agencies (CISA, NSA, and ODNI) have released an interesting report, Potential Threat Vectors To 5G Infrastructure. (Press release), and I wanted to use this for a Threat Model Thursday, where we take a respectful look at threat modeling work products to see what we can learn. The first thing I…Read More Threat Model Thursday: 5G Infrastructure
At Blackhat USA, I’ll be teaching Applied Threat Modeling. This hands-on, interactive class will focus on learning to threat model by executing each of the steps. Students will start threat modeling early on the first day and then going deep into each of the four questions: what are we working on, what can go wrong,…Read More Applied Threat Modeling at Blackhat 2021!