New blog post, "The People Who Served Under Trump" shostack.org/blog/the-peopl…

I remember Russian spies getting full time in-person jobs at Microsoft so my threat model has always been attuned to some form of this issue of spies infiltrating the software supply chain. theatlantic.com/international/…

Shostack + Associates is launching a new course, Scaling Threat Modeling, and we'd like your input shostack.org/blog/scaling-t…

Think Like a Hacker? Or not. youtu.be/2ITXN6Yqs-w?fe… via YouTube

shostack.org/blog/25-years-…

new blog: shostack.org/blog/russia/

Back in the day, I did some cool #security #UX work with adam shostack and Rob Reeder at Microsoft. Now Beyond Identity is recruiting for a security-savvy UX designer. Any of my #infosec peeps interested? linkedin.com/posts/allan-zi…

New video: Scaling Threat Modeling youtu.be/ySGVUMYcoMw?fe… via YouTube

wow. the best thing I've seen this election.

New blog: shostack.org/blog/policy/

My appsec roundup for October is live shostack.org/blog/appsec-ro…

New blog post: The economy shostack.org/blog/the-econo…

Synology created a patch to address the zero-click vulnerability that researchers at Midnight Blue found, but adam shostack spotted this explanation about the patch:

adam shostack Kim Zetter Midnight Blue When I saw those release notes I assumed Synology were trying to reduce codec license fees. Whatever the reason, as you say, security patches should not come at the cost of features.

I'm old enough to remember when Americans voted for the candidate they thought would do the best job.

new blog shostack.org/blog/election-…

New bloggage, shostack.org/blog/who-are-w… The paper is Who Are “We”? Power Centers in Threat Modeling, and the abstract reads: “I examine threat modeling techniques and questions of power dynamics...

Leaving my account so it can't be squatted as easily, leaving my tweets because I hate linkrot.

Who are you going to believe, me or your own eyes?