Shostack + Friends Blog

Recent Blog Posts

Take Control of What you Read, Redux

In 2026, it’s more important than ever to take control of what you read (11 Jan 2026)

 

Congratulations to ThreatModeler and IriusRisk!

Congratulations to all involved! (07 Jan 2026)

 

A few thoughts closing out 2025

Prompted by participants, a few closing thoughts for 2025 (31 Dec 2025)

 

Gavle Goat Survived 2025 - or did it?

Important news about current events (26 Dec 2025)

 

The Best Holiday Decorations

The best decorations ever (18 Dec 2025)

 

OWASP Keynote Available for Viewing!

Watch Adam's keynote 'Stop Trying to 'Manage Risk'' From OWASP 2025 (17 Dec 2025)

 

State of Threat Modeling 2024-2025

The first-ever, community-powered report on threat modeling (12 Dec 2025)

 

Windows Links and Usable Security

Some dialogs can harm the viewer (05 Dec 2025)

 

Secure By Design roundup - November 2025

Perspective on CISOs as facilitators, a deep dive into the types of diagrams for medical devices, poetry, Chinese LLMs, Chinese drones and Chinese routers. Do any of them contain secrets? (30 Nov 2025)

 

Recent accessibility improvements for the Shostack + Associates website

Accessibility is an ongoing process. Learn about some recent updates to the Shostack + Associates website that increase accessibility and usability. (25 Nov 2025)

 

OWASP Threat Modeling Reboot

Get in, we’re rebooting the OWASP Threat Modeling project! (17 Nov 2025)

 

Publishing ‘Publish Your Threat Model’

Two new versions of our “Publish your threat model” work are now available. (12 Nov 2025)

 

Secure By Design roundup - October 2025

Phil Venables is releasing a masterclass; new guidance from SAFECode, a new paper from JPMorganChase on their tools, how Facebook uses “waves”, a new AI shared responsibility model and more! (11 Nov 2025)

 

Stop Trying to Manage Risk!

Risk doesn’t do what we hope. We need to talk. (05 Nov 2025)

 

October Adam's New Thing!

Read up on Adam's New Thing from October (31 Oct 2025)