2012

In the holiday spirit I wanted to share an academic-style paper on the Elevation of Privilege Threat Modeling card game (EoP_Whitepaper.pdf) The paper describes the motivation, experience and lessons learned in creating the game. As we’ve shared the game at conferences, we’ve seen people’s eyes light up at the idea of a game. We think…

Read More Elevation of Privilege: Drawing Developers into Threat Modeling

There’s a fascinating set of claims in Foreign Affairs “The Fog of Cyberward“: Our research shows that although warnings about cyberwarfare have become more severe, the actual magnitude and pace of attacks do not match popular perception. Only 20 of 124 active rivals — defined as the most conflict-prone pairs of states in the system…

Read More The Fog of Reporting on Cyberwar

Hoff’s blog post “Why Amazon Web Services (AWS) Is the Best Thing To Happen To Security & Why I Desperately Want It To Succeed” is great on a whole bunch of levels. If you haven’t read it, go do that. The first thing I appreciated is that he directly confronts the possibility of his own…

Read More Hoff on AWS