2021

Hey you! Out there beyond the wall, breaking bottles in the hall, you haven’t removed this feed from your RSS reader! If you add this feed there’s a training discount on my next open training course, kicking off October 11.

Read More Training Discount

If you’re seeing this in your feed, have you also seen a bad Star Wars joke? Because I’ve got one on the new blog. Please add https://shostack.org/feed.xml, or replace the feed you’re reading with it. (This is the adam.shostack.org version of this post; the new post is just at shostack.org)

Read More Star Wars Jokes?

I’m in the process of replacing this site, threatmodelingbook.com, and the associates.shostack.org site with a new, unified https://shostack.org. I’ll be saying more about the redesign, but as part of it, I’m migrating the blog over there. There are a few new posts there that I forgot to mirror here, including: Threat Modeling Through the JoHari…

Read More Blog updates

Post thumbnail

There’s a really interesting article in MIT Tech Review, Hundreds of AI tools have been built to catch covid. None of them helped. Oops, I think I gave away the ending. But there’s a lot of fascinating details: Many unwittingly used a data set that contained chest scans of children who did not have covid…

Read More The COVID testbed and AI

Post thumbnail

Earlier this week, NIST released a Recommended Minimum Standard for Vendor or Developer Verification of Code. I want to talk about the technical standard overall, the threat modeling component, and the what the standard means now and in the future. To summarize: new requirements are coming to a project near you, and getting ready now…

Read More Threat Model Thursday: NIST’s Code Verification Standard