Shostack + Friends Blog

Recent Blog Posts, Page 2

Appsec Roundup - April 2025

Threat modeling. So much threat modeling, and so much more, including foreshadowing of new rules from FDA. (27 Apr 2025)

 

Threat Informed Defense Series

A great, in depth series on threat modeling with ATTACK (25 Apr 2025)

 

CVE Futures

What’s next for the CVE program? (24 Apr 2025)

 

Andor, Season 2

Excited for Star Wars: Andor Season 2 (22 Apr 2025)

 

Free Threats

Pray they don’t alter the price any further (21 Apr 2025)

 

A few thoughts on CVE

Thoughts on the CVE funding crisis (15 Apr 2025)

 

Assets, Again

What's wrong with this process? (10 Apr 2025)

 

Learning from Troy Hunt’s Sneaky Phish

(05 Apr 2025)

 

Appsec Roundup - March 2025

Big news for LLMs in threat modeling! (02 Apr 2025)

 

Introducing the DEF CON 32 Hackers' Almanack

Grateful to introduce the Hackers' Almanack! (26 Mar 2025)

 

Security Researcher Comments on HIPAA Security Rule

A group of us have urged HHS to require better handling of security reports (20 Mar 2025)

 

OWASP Training in Barcelona

Register for OWASP training in Barcelona! (15 Mar 2025)

 

The Covid pandemic, 5 years on

Thinking about Covid, five years on. (11 Mar 2025)

 

The First Constitutional Crisis of 2025

Hoping to add a little clarity to the situation (09 Mar 2025)

 

Strategy for threat modeling AI

Clarifying how to threat model AI (06 Mar 2025)