Shostack + Friends Blog Archive

 

Survey for How to Measure Anything In Cybersecurity Risk

This is a survey from Doug Hubbard, author of How To Measure Anything and he is currently writing another book with Richard Seiersen (GM of Cyber Security at GE Healthcare) titled How to Measure Anything in Cybersecurity Risk. As part of the research for this book, they are asking for your assistance as an information […]

 

What Good is Threat Intelligence Going to do Against That?

As you may be aware, I’m a fan of using Star Wars for security lessons, such as threat modeling or Saltzer and Schroeder. So I was pretty excited to see Wade Baker post “Luke in the Sky with Diamonds,” talking about threat intelligence, and he gets bonus points for crossover title. And I think it’s […]

 

Towards a model of web browser security

One of the values of models is they can help us engage in areas where otherwise the detail is overwhelming. For example, C is a model of how a CPU works that allows engineers to defer certain details to the compiler, rather than writing in assembler. It empowers software developers to write for many CPU […]

 

Adam's new startup

A conversation with an old friend reminded me that there may be folks who follow this blog, but not the New School blog. Over there, I’ve posted “Improving Security Effectiveness” about leaving Microsoft to work on my new company: For the last few months, I’ve been working full time and talking with colleagues about a […]