Earlier this week, NIST released a Recommended Minimum Standard for Vendor or Developer Verification of Code. I want to talk about the technical standard overall, the threat modeling component, and what the standard means now and in the future. To summarize: new requirements are coming to a project near you, and getting ready now… Read More Threat Model Thursday: NIST’s Code Verification Standard
It’s the latest in the World’s Shortest Threat Modeling videos! Also, I set up https://bit.ly/adam-yt to make it easy to find my YouTube channel. Read More Collaboration in Threat Modeling
The latest in the World’s Shortest Threat Modeling Videos: Read More Sketching to Answer “What Are We Working On?”
The US Government’s lead cybersecurity agencies (CISA, NSA, and ODNI) have released an interesting report, Potential Threat Vectors To 5G Infrastructure (press release), and I wanted to use this for a Threat Model Thursday, where we take a respectful look at threat modeling work products to see what we can learn. The first thing I… Read More Threat Model Thursday: 5G Infrastructure
At Blackhat USA, I’ll be teaching Applied Threat Modeling. This hands-on, interactive class will focus on learning to threat model by executing each of the steps. Students will start threat modeling early on the first day and then go deep into each of the four questions: what are we working on, what can go wrong,… Read More Applied Threat Modeling at Blackhat 2021!
The second video in my 60 second series! Read More Why Threat Model?
I’m exploring the concept of very fast threat modeling videos, and have posted the first one. Feedback welcome! Read More Fast threat modeling videos
You know what’s not in my threat model? A meteor hitting a volcano… And that’s ok! Your threat modeling should be focused on the threats that are likely to impact your systems. So unless your system is your evil supervillain volcano lair, a meteor is likely out of scope. And unless you have giant space lasers,… Read More “Not in my threat model”?
Threat model Thursday is not just back, but live again! This week is my Using Threat Modeling to Improve Compliance at RSAC 2021. The video replay is available if you have an RSA pass, and the slides are available to all. Read More Using Threat Modeling to Improve Compliance (TM Thursday)
Apple has released (or I’ve just come across) a document, Device and Data Access when Personal Safety is At Risk. Apple makes it easy to connect and share your life with the people closest to you. What you share, and whom you share it with, is up to you — including the decision to make… Read More Apple Guidance on Intimate Partner Surveillance