I should mention, if you want to dive really deep on what trust boundaries are or where they should be, my company is having a sale on our self paced threat modeling courses Use code BTS-25-2024 to get 25% off: Essentials: https://courses.shostack.org/pages/essentials-201 Intensive […]

Very disappointed that San Francisco, with pretensions of being “the tech capital”, didn’t have any 747s. Here’s one from New York, captured last month. Step it up SFO! 😀

I find myself really irked by the headline here. The problem is not a "simple website bug", the problem is that they wrote thousands of lines of code without ever thinking about what the trust boundaries are, or should be. This is a massive design flaw […] [Original post on infosec.exchange]

I’m doing a book signing at owasp appsec right now at phoenix Security’s booth and we did a video! https://www.linkedin.com/posts/fracipo_owasp-aspm-ugcPost-7245553203646259200-XcCE

We're ironing out the details for #ArsMagica#CreativeCommons open licensing to happen in the upcoming Backerkit campaign -- this is the current draft page about it. I'm happy to get feedback from folks with experience and opinions about CC and open licensing -- please feel free to boost […]

I always get a small frisson of joy seeing a 747 still operating. Reminds me of the days that Boeing was engineer lead — and world-defining.

Shostack + Associates updates * Adam will be doing a book signing at the Pheonix Security booth at OWASP Global Appsec San Francisco on Friday the 27th at 3PM. * Adam will be keynoting ThreatModCon San Francisco (Sept 27-28), immediately after OWASP Global Appsec... and we’ll have our […]

The Threat Modeling Naturally Tool: An Interactive Tool Supporting More Natural Flexible and Ad-Hoc Threat Modeling, by Ron Thompson and many co-authors, at USENIX Symposium on Usable Privacy and Security (SOUPS). (Paper + tool release). Bertram Dorn and Paul Vixie of AWS have a new whitepaper […]

If you say threat modeling three times, it appears! This month’s roundup focuses on recent in-depth threat modeling work, including academic papers, an Amazon white paper, and more. Also, exciting news from Shostack + Associates. There was less in AI […] [Original post on infosec.exchange]

I think I’m. Going to add a Darth Vader clause to my contracts. If I can attribute this to your purchasing department I get to force choke someone.