Earlier this week, NIST released a Recommended Minimum Standard for Vendor or Developer Verification of Code. I want to talk about the technical standard overall, the threat modeling component, and what the standard means now and in the future. To summarize: new requirements are coming to a project near you, and getting ready now… Read More Threat Model Thursday: NIST’s Code Verification Standard
It’s the latest in the World’s Shortest Threat Modeling videos! Also, I set up https://bit.ly/adam-yt to make it easy to find my YouTube channel. Read More Collaboration in Threat Modeling
The latest in the World’s Shortest Threat Modeling Videos: Read More Sketching to Answer “What Are We Working On?”
The US Government’s lead cybersecurity agencies (CISA, NSA, and ODNI) have released an interesting report, Potential Threat Vectors To 5G Infrastructure (Press release), and I wanted to use this for a Threat Model Thursday, where we take a respectful look at threat modeling work products to see what we can learn. The first thing I… Read More Threat Model Thursday: 5G Infrastructure
At Blackhat USA, I’ll be teaching Applied Threat Modeling. This hands-on, interactive class will focus on learning to threat model by executing each of the steps. Students will start threat modeling early on the first day and then go deep into each of the four questions: what are we working on, what can go wrong,… Read More Applied Threat Modeling at Blackhat 2021!
The second video in my 60 second series! Read More Why Threat Model?
I’m thrilled that Juneteenth will be a Federal holiday. We need more holidays that celebrate freedom, and there are few events that increase freedom as much as emancipating people who were enslaved. That is, freeing them from the threat that violence would be used against them, and they would have no recourse. The United States also needs… Read More Juneteenth: A New Federal Holiday
I’m exploring the concept of very fast threat modeling videos, and have posted the first one. Feedback welcome! Read More Fast threat modeling videos
You know what’s not in my threat model? A meteor hitting a volcano… And that’s ok! Your threat modeling should be focused on the threats that are likely to impact your systems. So unless your system is your evil supervillain volcano lair, a meteor is likely out of scope. And unless you have giant space lasers,… Read More “Not in my threat model”?
There’s an infinite number of studies of ransomware lately, all breathlessly talking about how to fight this dangerous threat. They’re all dangerously wrong. Ransomware is not the problem. I’m being intentionally provocative in my latest Dark Reading Column. Read More Ransomware is Not the Problem