adamshostack.bsky.social
Threat modeling. BH Review Board. Affiliate Professor, UW. Fixed autorun. Helped create CVE. Not sure why we're building graphs on yet another (practically) centralized system. https://infosec.exchange/@adamshostack
269 posts 2,482 followers 320 following

I’m proverbially humbled and manifestly honored by the ACM’s recognition as Distinguished Member. This is obviously an achievement that would have never been possible without my amazing students and collaborators or the support and mentorship of so many people. www.acm.org/media-center...

Our latest issue of ThinkstScapes is now available for download. For this issue (covering the last quarter of 2024) we tracked over 1,400 talks and scoured content from almost 1,100 blog posts. As always, PDF, ePUB and an audio summary are available free (with no reg-wall) at thinkst.com/ts

SCOOP: The National Academies of Science, Engineering, and Medicine, arguably the nation's most powerful scientific organization, is bending to political pressure and removing terms like "health equity" from pending reports. Members are not happy. Story by me: www.statnews.com/2025/02/20/n...

Y'all that subscribed to blocklists months ago might want to go back and check whether they're delivering what they claimed. I'd block Yglesias on sight, don't get me wrong, but his is not, in fact, a "far right account." So I've given up on that blocklist.

Aaaand Putin gets everything he wanted. www.nytimes.com/2025/02/18/u...

You can still order four free tests. Do it quickly and ask others to do it, even if you don't feel you need them. Others in your community will. covidtests.gov

Ding ding ding! Watch this. He’s laying it out. My team at Stanford Internet Observatory documented this process meticulously, over & over again, in 2020. The R machine retaliated against us. When Elon bought X, it became even sharper. The rest of the political spectrum needs to get in the game.

DEF CON's Franklin Project has released the First Inaugural Hackers' Almanack! Grab it for yourself for an easily digestible compendium of remarkable research from DEF CON 32. https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20Hackers'%20Almanack.pdf […] [Original post on defcon.social]

Just remember, the time between an apparent decisive victory (the destruction of the first Death Star) & an actual decisive victory (the destruction of the second Death Star) was 4 years, during which most of the time life sucked for everyone because the Empire was striking back all over the place.

Even the most disturbing RFK Jr. headline always manages to have a detail inside creepier than you could have imagined. I’m sorry, did you just say Black kids should have a chance to get “re-parented”???? Gift link wapo.st/4hW2xGI

Hey @JDVance, and @elonmusk, and @realDonaldTrump it looks like the Auschwitz Memorial wants to educate you. STOP LYING TO THE AMERICAN PEOPLE.

You’d think Elon “pedo guy” Musk would remember that in the US, defamation is a civil matter for which you can’t be jailed.

Stellan Skarsgård's masterful portrayal in Andor of undercover Rebel Luthen Rael has earned a spot among Variety's top 100 greatest television performances of the 21st century. dorksideoftheforce.com/andor-stella...

I don't know who needs to hear this, but #authors! It's ok to promote your #book here. I say that because despite following @philipncohen I didn't know he had a new book until I saw a review at https://www.science.org/doi/10.1126/science.adv2036 . So Philip: Please, say more about your book […]

“We strongly believe that a national data privacy standard is necessary to protect Americans’ rights online and maintain our country’s global leadership in digital technologies, including artificial intelligence” The worst people you know making a good point.

Giving infectious disease research a break, as promised by the MAHA agenda. Let's break down what exactly this Executive Order is *really* saying. Fortunately, I speak fluent anti-vax grifterese & can translate. www.whitehouse.gov/presidential...

Today, CDT & 100+ civil society orgs, companies, & cybersecurity experts – as part of an effort led by the Global #Encryption Coalition (GEC) – submitted a letter to British Home Secretary calling on the UK Home Office to rescind its demand that Apple create a backdoor into its #E2EE services.

I'm tired of reading about "sophisticated actors" who just asked for and were given the admin password. Has anyone produced a classification scheme to rate threat actors *and* the tactics they used? "Sure it was a Class 1 threat actor, but they just used a Class 4 attack vector". Links welcome!

Dug into NIST's draft on threat modeling for genomic sequencing—lots of depth, but I think splitting ‘how-to’ from ‘sample output’ would make it clearer. Also, we need secure-by-design sequencing gear. I break it all down in my latest post shostack.org/blog/threat-... #threatmodeling

My latest AppSec Roundup covers new threat modeling tools like ThreatPad + Guardio, insights on STAMP for system resilience, a deep dive into C++ bounds checks, cool ADR resources, proposed HIPAA security rule changes, a new cybersecurity exec order + so much more. #AppSec shostack.org/blog/appsec-...

The @laist.com folks wrote up a nice piece about the work my former team did, the impact we had on teachers and future scientists and engineers, and what our layoffs mean to local educators. laist.com/news/educati...

Boiler up! 🔨 I will be a guest of CERIAS’s Weekly Security Seminar Series in a talk called “Risk is Not Axiomatic,” where we will discuss how systems are secured at a practical level! 🎤 Register now to reserve your spot! 📅 February 12, 2025 @ 4:30pm ET 📍 Zoom 🔗 shorturl.at/IOtMx

Not that I'm going to be controversial or skewering any deeply held beliefs, but I suggest keeping your claims "risk is fundamental to how we do our jobs" far from Purdue on Wednesday.

Wed. Feb. 12th, 4:30pm ET: "Risk is Not Axiomatic" Adam Shostack, Shostack + Associates, @adamshostack.bsky.social Live on Zoom: ceri.as/stostack

Absolutely terrifying

What credit cards offer a million dollar limit?

I’m old enough to remember when the Russians would hide their payoffs to Americans

I’m old enough to remember when taking money from Russian propagandists would have led Republicans to call a candidate “red-loving”