Shostack + Friends Blog

At Blackhat USA, I'll be teaching Applied Threat Modeling. (28 Jun 2021)

The second video in my 60 second series! (23 Jun 2021)

Thoughts on the new federal holiday, Juneteenth (19 Jun 2021)

I'm exploring the concept of very fast threat modeling videos. (17 Jun 2021)

You know what's not in my threat model? A meteor hitting a volcano... And that's ok! (15 Jun 2021)

Arbitrarily powerful software -- applications, operating systems -- is a problem, as is preventing it from running on enterprise systems. (09 Jun 2021)

A new article by Steve Bellovin and myself at Lawfare. (07 Jun 2021)

The Supreme Court has ruled in the van Buren case, and there's a good summary on the Eff's blog. (04 Jun 2021)

People sometimes ask me about my recording setup, and I wanted to share some thoughts about recording good learning content. (01 Jun 2021)

Adam Shostack's review of the book Practical Cybersecurity Architecture (26 May 2021)

Threat model Thursday is not just back, but live again! (20 May 2021)

The National Science Foundation is looking for information on needs for datasets. (20 May 2021)

The Colonial Pipeline shutdown story is interesting in all sorts of ways, and I can't delve into all of it.I did want to talk about one small aspect, which is the way responders talk about Darkside. (15 May 2021)

AppSec Pacific Northwest Conference is a free application security conference that will be held Saturday, June 19th. It is a virtual, online event sponsored by the OWASP chapters of Portland, Vancouver, and Victoria. (14 May 2021)

So there's some good news and some bad news in this story: 'Too Bad, Zuck: Just 4% of U.S. iPhone Users Let Apps Track Them After iOS Update'. (08 May 2021)