threat modeling

Post thumbnail

I’ve spoken for over a decade against “think like an attacker” and the trap of starting to threat model with a list of attackers. And for my threat modeling book, I cataloged every serious grouping of attackers that I was able to find. And as I was reading “12 Ingenious iOS Screen Time Hacks,” I…

Read More Who Are We Kidding with Attacker-Centered Threat Modeling?

The Cybok project has released its v1 “Risk Management & Governance Knowledge Area”; I was a reviewer. Towards Automated Security Design Flaw Detection is an interesting paper from academics in Belgium and Sweden. Steve Lipner offers “Lessons learned through 15 years of SDL at work“ Charles Wilson has perspective on threat modeling devices in “Does…

Read More Interesting Reads: Risk, Automation, lessons and more!

Conflict online — bullying, trolling, threats and the like are everywhere. The media coverage is shifting from “OMG what are we doing about this?!” to “Wow, this is really hard.” (Ayup) I’ve been exploring how to engineer for these problems, and I joined Chris Romeo and Robert Hurlbut to talk about it on the AppSec…

Read More Threat Modeling at Layer 8

Post thumbnail

“Safety First For Automated Driving” is a big, over-arching whitepaper from a dozen automotive manufacturers and suppliers. One way to read it is that those disciplines have strongly developed safety cultures, which generally do not consider cybersecurity problems. This paper is the cybersecurity specialists making the argument that cyber will fit into safety, and how…

Read More Safety and Security in Automated Driving