Bruce Marshall has put together a comparison of OWASP ASVS v3 and v4 password requirements: OWASP ASVS 3.0 & 4.0…
There’s a fascinating paper, “Tuning Out Security Warnings: A Longitudinal Examination Of Habituation Through Fmri, Eye Tracking, And Field Experiments.”…
Quick: are all the flowers the same species? People regularly ask me to promote their threat modeling work, and I’m…
The White Box, and its accompanying book, “The White Box Essays” are a FANTASTIC resource, and I wish I’d had…
It’s well known that adoption rates for multi-factor authentication are poor. For example, “Over 90 percent of Gmail users still…
SANS has announced a new boardgame, “Pivots and Payloads,” that “takes you through pen test methodology, tactics, and tools with…
Today is John Harrison’s 352nd birthday, and Google has a doodle to celebrate. Harrison was rescued from historical obscurity by…
As a member of the BlackHat Review Board, I would love to see more work on Human Factors presented there.…
There’s an interesting new paper at bioRXiv, “The Readability Of Scientific Texts Is Decreasing Over Time.” Lower readability is also…
Each of these is long and thought-provoking and worth savoring. Angela Sasse: Can we make people value IT security? (By…