There’s a fascinating talk by Dan Luu, “Files are Fraught With Peril.” The talk itself is fascinating, in a horrifying, nothing works, we’re going to give up and raise goats now sort of way. He starts from the startling decision of Dropbox to drop support for all Linux filesystems except Ext4. This surprising decision stems…Read More Threat Model Thursday: Files
For my first blog post of 2020, I want to look at threat modeling machine learning systems. [Update Jan 16: Victor of the Berryville Machine Learning Security blog has some interesting analysis here. That brings up a point I forgot to mention here: it would be great to name and version these models so we…Read More Threat Modeling Thursday: Machine Learning
Earlier this year, I helped to organize a workshop at Schloss Dagstuhl on Empirical Evaluation of Secure Development Processes. I think the workshop was a tremendous success, we’ve already seen publications inspired by it, such as Moving Fast and Breaking Things: How to stop crashing more than twice, and I know there’s more forthcoming. I’m…Read More Empirical Evaluation of Secure Development Processes
The more I learn about threat modeling, the more I think the toughest part is how we answer the question: “What can go wrong?” Perhaps that’s “finding threats.” Maybe it’s “discovering” or “eliciting” them. Maybe it’s analogizing from threats we know about. I’m not yet even sure what to call it. But what it does…Read More Managed Attribution Threat Modeling
Recently, I’ve seen four cybersecurity approaches for medical devices, and we can learn by juxtaposing them. The Principles and Practices for Medical Device Cybersecurity is a process-centered and comprehensive document from the International Medical Device Regulators Forum. It covers pre- and post- market considerations, as well as information sharing and coordinated vuln disclosure. It’s important…Read More Medical Device Security Standards
“Includes No Dirt” is a threat modeling approach by William Dogherty and Patrick Curry of Omada Health, and I’ve been meaning to write about it since it came out. I like that it starts from context — the why this matters: Their goal is to have a single approach to security, privacy, and compliance. Reducing…Read More Includes No Dirt: Healthcare Threat Modeling (Thursday)
The Cybok project has released its v1 “Risk Management & Governance Knowledge Area”; I was a reviewer. Towards Automated Security Design Flaw Detection is an interesting paper from academics in Belgium and Sweden. Steve Lipner offers “Lessons learned through 15 years of SDL at work“ Charles Wilson has perspective on threat modeling devices in “Does…Read More Interesting Reads: Risk, Automation, lessons and more!
I’m excited to announce that I’m hitting my STRIDE and Linkedin has released the second course in my in-depth exploration of STRIDE: Tampering. I’m finding it fascinating to dive deep into the threats, organize my knowledge, and in doing so, hopefully help us chunk and remember what we’re learning.Read More Course announcement: Tampering in Depth!
I’m excited to be teaming up with Alpha Strike and Limes Security to deliver training in Vienna November 6-8. Details are available at Embedded Systems Security Days.Read More Training At Embedded Systems Security Days
Alexandre Sieira has some very interesting and actionable advice from looking at the Capital One Breach in “Learning from the July 2019 Capital One Breach.” Alex starts by saying “The first thing I want to make clear is that I sympathize with the Capital One security and operations teams at this difficult time. Capital One…Read More Actionable Followups from the Capital One Breach