Shostack + Friends Blog

Recent Blog Posts, Page 2

Appsec Roundup - March 2025

Big news for LLMs in threat modeling! (02 Apr 2025)

 

Introducing the DEF CON 32 Hackers' Almanack

Grateful to introduce the Hackers' Almanack! (26 Mar 2025)

 

Security Researcher Comments on HIPAA Security Rule

A group of us have urged HHS to require better handling of security reports (20 Mar 2025)

 

OWASP Training in Barcelona

Register for OWASP training in Barcelona! (15 Mar 2025)

 

The Covid pandemic, 5 years on

Thinking about Covid, five years on. (11 Mar 2025)

 

The First Constitutional Crisis of 2025

Hoping to add a little clarity to the situation (09 Mar 2025)

 

Strategy for threat modeling AI

Clarifying how to threat model AI (06 Mar 2025)

 

RSAC Webinar: Building Resilient Systems

Upcoming RSAC webinar (04 Mar 2025)

 

Appsec Roundup - Feb 2025

New releases from DEF CON, the UK’s NCSC, some entertaining AI news, and more! (03 Mar 2025)

 

Inside Man

Some thoughts on the Voyager Episode ‘Inside Man’ (01 Mar 2025)

 

How to Threat Model Medical Devices, on The Medical Device Cybersecurity Podcast

Adam was on the Medical Device Cybersecurity podcast (20 Feb 2025)

 

A New Hope for Threat Modeling, on The CyberTuesday Podcast

Adam was on the CyberTuesday podcast (18 Feb 2025)

 

Blackhat and Human Factors

BlackHat invites human factors work (14 Feb 2025)

 

Threat Modeling the Genomic Data Sequencing Workflow (Threat Model Thursday)

An exciting new sample TM from MITRE (13 Feb 2025)

 

Appsec Roundup - Jan 2025

An exciting month, with new threat modeling tools, cool thoughts on STAMP, bounds checking, ADRs and more! (12 Feb 2025)