Software Engineering

Post thumbnail

Earlier this week, NIST released a Recommended Minimum Standard for Vendor or Developer Verification of Code. I want to talk about the technical standard overall, the threat modeling component, and the what the standard means now and in the future. To summarize: new requirements are coming to a project near you, and getting ready now…

Read More Threat Model Thursday: NIST’s Code Verification Standard

“AppSec Pacific Northwest Conference is a free application security conference that will be held Saturday, June 19th. It is a virtual, online event sponsored by the OWASP chapters of Portland, Vancouver, and Victoria. We love to see brand new speakers, seasoned speakers and everyone in between. Their call for presentations is now open.

Read More Pacific Northwest Appsec Conference

There’s a new report out from the UK Government, The UK Code of Practice for Consumer IoT Security. One of the elements I want to draw attention to is: The use of IoT devices by perpetrators of domestic abuse is a pressing and deeply concerning problem that is largely hidden from view. Collecting data (and…

Read More IoT Security & Threat Modeling

This is a really encouraging set of trends that Sandy Carielli reports on: My latest report, “The State Of Application Security, 2021,” draws heavily from that security survey mentioned above, and by far the most encouraging piece of data I share in the report is about how security pros are prioritizing application security. When asked…

Read More Mmmm, Pandemic Puppies

Post thumbnail

You may have noticed that my end of the year posts are all science focused. Today, a set of resources on the COVID vaccines. First, the FDA has authorized two vaccines for emergency use. The review memoranda (Pfizer, Moderna) are all sorts of fascinating. As the kids say, TL;DR: both vaccines are safe and no…

Read More Vaccines