Skip to main content

Shostack + Friends Blog

Recent Blog Posts

Publish your threat model!

We think you should publish your threat model, and we’re publishing our arguments. (16 Jun 2025)

The Essence and Beauty of Threat Modeling

Automation sounds great, but what about the essence and beauty? (13 Jun 2025)

Appsec Roundup - May 2025

Lots of fascinating threat model-related advances, new risk management tools, games, and more! (02 Jun 2025)

Andor: Insider Threats

Andor teaches us about insider threats (02 Jun 2025)

Free Threat Modeling Training for Displaced Federal Workers

Free training for displaced government employees (20 May 2025)

Blackhat Earlybird Prices End Friday

(19 May 2025)

Cyber Hard Problems Report

The Cyber Hard Problems report is coming out (14 May 2025)

Andor: Think like a leader

Think like a what??! (13 May 2025)

Andor Threats: Information Disclosure

What Andor can teach us about Information disclosure threats (03 May 2025)

The Empire’s Threat Modeling

Get one fourth off for May the fourth! (02 May 2025)

Appsec Roundup - April 2025

Threat modeling. So much threat modeling, and so much more, including foreshadowing of new rules from FDA. (27 Apr 2025)

Threat Informed Defense Series

A great, in depth series on threat modeling with ATTACK (25 Apr 2025)

CVE Futures

What’s next for the CVE program? (24 Apr 2025)

Andor, Season 2

Excited for Star Wars: Andor Season 2 (22 Apr 2025)

Free Threats

Pray they don’t alter the price any further (21 Apr 2025)

<
1
2
3
…
43
>

Our site works best with Javascript enabled, however we have done our best to minimize any negative impacts to your experience without it.