As I reflect back on 2017, I think it was a tremendously exciting year for threat modeling tooling. Some of…
At DevSecCon London, I met Michelle Embleton, who is doing some really interesting work around what she calls an AppSec…
[Update: Merry Christmas, Gavelbocken! You made it this year!] ‘Secret’ plan to protect Gävle Christmas goat from arsonists. Previously: Gavle…
[Update: Steve Bellovin has a blog post] One of the major pillars of science is the collection of data to…
On Wednesday, the supreme court will consider whether the government must obtain a warrant before accessing the rich trove of…
I had not seen this amazing picture of Harrison Schmitt near Shorty Crater. Via Astronomy Picture of the Day. If…
This is a fascinating video from the Devops Enterprise Summit: “the airline that reports more incidents has a lower passenger…
[Update: More at DarkReading, “ The Critical Difference Between Vulnerabilities Equities & Threat Equities.”] The Vulnerabilities Equities Process (VEP) is…
http://aka.ms/pciblueprint is a fascinating collection of security documents for PCI compliance. They’re designed to cut the cost of building a…
You know, I left, and now look what Word wants to suggest..