I’m excited to say that Threat Modeling: Designing for Security is now available in Chinese. This is a pretty exciting milestone for me — it’s my first book translation, and it joins Elevation of Privilege as my second translation into Chinese. You can buy it from Amazon.cn.Read More Threat Modeling, Chinese Edition!
One of the most interesting security books I’ve read in a while barely mentions computers or security. The book is Petroski’s The Evolution of Useful Things. As the subtitle explains, the book discusses “How Everyday Artifacts – From Forks and Pins to Paper Clips and Zippers – Came to be as They are.” The chapter…Read More The Evolution of Secure Things
I was irked to see a tweet “Learned a new word! Pseudoarboricity: the number of pseudoforests needed to cover a graph. Yes, it is actually a word and so is pseudoforest.” The idea that some letter combinations are “actual words” implies that others are “not actual words,” and thus, that there is some authority who…Read More On Language
Simson Garfinkel and Heather Lipford’s Usable Security: History, Themes, and Challenges should be on the shelf of anyone who is developing software that asks people to make decisions about computer security. We have to ask people to make decisions because they have information that the computer doesn’t. My favorite example is the Windows “new network”…Read More Usable Security: History, Themes, and Challenges (Book Review)
Bruce Schneier says nice things about my latest book.Read More Thanks, Bruce!
For Star Wars day, I’m happy to share this event poster for my talk at Ada’s Books in Seattle Technical Presentation: Adam Shostack shares Threat Modeling Lessons with Star Wars. This will be a less technical talk with plenty of discussion and interactivity, drawing on some of the content from “Security Lessons from Star Wars,”…Read More Seattle event: Ada's Books
I am super-excited to announce that my new book, Threat Modeling: Designing for Security (Wiley, 2014) is now available wherever fine books are sold! The official description: If you’re a software developer, systems manager, or security professional, this book will show you how to use threat modeling in the security development lifecycle and the overall…Read More Threat Modeling: Designing for Security
I blogged yesterday about all the new works that have entered the public domain as their copyright expired in the United States. If you missed it, that’s because exactly nothing entered the public domain yesterday. Read more — but only commentary, because there’s no newly free work — at “What Could Have Entered the Public…Read More What's Copyright, Doc?
Recently the kind folks at No Starch Press sent me a review copy of Rich Bejtlich’s newest book The Practice of Network Security Monitoring and I can’t recommend it enough. It is well worth reading from a theory perspective, but where it really shines is digging into the nuts and bolts of building an NSM…Read More A Mini-Review of "The Practice of Network Security Monitoring"
I have to start off by apologizing for how very late this review is, an embarrassing long time ago, the kind folks at No Starch Press very kindly gave me a copy of “Super Scratch Programming Adventure” to review. Scratch for those that aren’t familiar is a kids oriented programming language designed by Mitchel Resnick…Read More A Very Late Book Review