Shostack + Friends Blog

Recent Blog Posts

Recent accessibility improvements for the Shostack + Associates website

Accessibility is an ongoing process. Learn about some recent updates to the Shostack + Associates website that increase accessibility and usability. (25 Nov 2025)

 

OWASP Threat Modeling Reboot

Get in, we’re rebooting the OWASP Threat Modeling project! (17 Nov 2025)

 

Publishing ‘Publish Your Threat Model’

Two new versions of our “Publish your threat model” work are now available. (12 Nov 2025)

 

Secure By Design roundup - October 2025

Phil Venables is releasing a masterclass; new guidance from SAFECode, a new paper from JPMorganChase on their tools, how Facebook uses “waves”, a new AI shared responsibility model and more! (11 Nov 2025)

 

Stop Trying to Manage Risk!

Risk doesn’t do what we hope. We need to talk. (05 Nov 2025)

 

October Adam's New Thing!

Read up on Adam's New Thing from October (31 Oct 2025)

 

The Moonwalkers

Go see The Moonwalkers (30 Oct 2025)

 

OWASP Board Thoughts 2025

Please vote for the OWASP 2025 board (24 Oct 2025)

 

LeanAppSec Announcement

Watch a masterclass in effective security processes (22 Oct 2025)

 

Prompt Engineering Requires Evaluation

(20 Oct 2025)

 

AI Insurance Won't Save You

LLM Insurance is, and will remain, a great source of insurer profits. (08 Oct 2025)

 

Secure By Design roundup - September 2025

The secret service, the CSRB, the CMMC, Sept was pretty busy in government. Plus Apple's Memory Integrity and a nice short paper on prompt-based attacks. (01 Oct 2025)

 

Adam Featured on Inside MedTech Innovation

Learn from the past and advance your threat modeling skills! (29 Sep 2025)

 

Lunar Rover Vehicle, Redux

What can the moon buggy teach us about modeling? (17 Sep 2025)

 

Apollo 15 Lunar Rover Vehicle

What can a signed Apollo 15 print teach us about modern threat modeling and risk management? (15 Sep 2025)