Using Threat Modeling to Improve Compliance (TM Thursday)
Threat model Thursday is not just back, but live again!
Shostack + Friends Blog
Recent Blog Posts, Page 21
NSF Wants Data on Your Data Needs
The National Science Foundation is looking for information on needs for datasets.
Colonial Pipeline, Darkside and Models
The Colonial Pipeline shutdown story is interesting in all sorts of ways, and I can't delve into all of it.I did want to talk about one small aspect, which is the way responders talk about Darkside.
Pacific Northwest Appsec Conference
AppSec Pacific Northwest Conference is a free application security conference that will be held Saturday, June 19th. It is a virtual, online event sponsored by the OWASP chapters of Portland, Vancouver, and Victoria.
Tracking Company Says 96% of iPhone Users Block Tracking
So there's some good news and some bad news in this story: 'Too Bad, Zuck: Just 4% of U.S. iPhone Users Let Apps Track Them After iOS Update'.
Apple Guidance on Intimate Partner Surveillance
Apple has released ‘Device and Data Access when Personal Safety is At Risk’ and I wanted to explore it a bit.
Threat Model Thursday: Technology Consumers
“It depends on your threat model...”
'Stop Vaccine Finger Wagging'
Just stop.
This time for sure, Pinky!
If everyone agrees on what we should do, why do we seem incapable of doing it?
IoT Security & Threat Modeling
Expanding on the UK Government's ‘The Uk Code of Practice for Consumer IoT Security’ and how it aligns with Threat Modeling.
Threat Model Thursday: Github's Approach
A bunch of people recently asked me about Robert Reichel’s post 'How We Threat Model,' and I wanted to use it to pick up on Threat Model Thursdays.
The Updates Must Go Through
The timing of updates is not coincidental.
Can Training Work Remotely?
I get this question a lot: Can distributed/remote training work as well as in person? Especially for threat modeling, where there's a strong expectation that training involves whiteboards...
Behind the Scenes: Training Development
Developing a training program is hard, especially when it will be delivered remotely.
Passover Pie
For Passover, we made a lamb and bitter greens pizza. Now, you may be saying to yourself that that’s wrong, but allow me to explain.