December 2019

I’m featured in (local NPR Affiliate) KUOW’s Primed: Season 3, Episode 8. I appreciate how the sense of fun that many security people bring to their work comes through. For me, it was fun learning about how Elevation of Privilege works for non-techies. (Spoiler: not super-well, you need to select the cards pretty carefully. Maybe…

Read More Echo, Threat Modeling and Privacy

Post thumbnail

Earlier this year, I helped to organize a workshop at Schloss Dagstuhl on Empirical Evaluation of Secure Development Processes. I think the workshop was a tremendous success, we’ve already seen publications inspired by it, such as Moving Fast and Breaking Things: How to stop crashing more than twice, and I know there’s more forthcoming. I’m…

Read More Empirical Evaluation of Secure Development Processes

Over the years, a number of people set up Feedburner accounts to proxy RSS from our blogs into their system. I generally have no issue with people reading how they choose, but I cannot provide support or management. Google is end of lifing the old Feedburner, and for those of you reading via Feedburner RSS, I humbly ask that you update to https://adam.shostack.org/blog/feed/ or https://adam.shostack.org/blog/comments/feed/ (with comments).

Cyber The Huawei and Snowden Questions, by Olav Lysne is a deep dive into what happens when an untrusted vendor builds your trusted computing base, and more importantly, why a great many of the “obvious” ways to address those risks are subject to easy work-arounds. This is unhappy news for Huawei, but more importantly, as…

Read More Books Worth Your Time (Q4)