threat modeling

Post thumbnail

Practicing physical distancing has already dramatically changed how we work, and will continue to do so. Being physically distant means we can’t use a whiteboard to help us talk through “what are we working on?” There are technical facets of threat modeling, like using visual models to show and scope “what are we working on?”…

Read More Answering “What Are We Working On” When Remote

Post thumbnail

The Berryville Institute of Machine Learning (BIML) has released “An Architectural Risk Analysis of Machine Learning Systems.” This is an important step in the journey to systematic, structured, and comprehensive security analysis of machine learning systems, and we can contrast it with the work at Microsoft I blogged about last month. As always, my goal…

Read More Threat Model Thursday: BIML Machine Learning Risk Framework

For reasons I can’t quite talk about yet, this has been a super busy time, and I look forward to sharing the exciting developments that have kept me occupied. In the meantime, my friends at Agile Stationery have transcribed a talk that Mark Vinkovits and I gave at AppSec Cali last year. Their posts are…

Read More Threat Model Thursday: Games