GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE

  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Conversation

Notices

  1. Embed this notice
    Adam Shostack :donor: :rebelverified: (adamshostack@infosec.exchange)'s status on Friday, 31-Jan-2025 04:20:59 JST Adam Shostack :donor: :rebelverified: Adam Shostack :donor: :rebelverified:

    Hoarding, Debt and Threat Modeling (blog post cross post)

    During a recent threat modeling course, one of our students, Aleksei*, made a striking comparison that resonated with a lot of us: starting security analysis is like tackling a hoarder’s house. That visceral image of looking at mountains of accumulated issues, feeling overwhelmed by where to begin, captures a challenge many engineering leaders face when they first attempt to systematically assess their system’s security.

    Perhaps the reason it’s evocative is most of us have been in the situation of everywhere we look, there’s more problems. Where do you begin? And that feeling of being overwhelmed, of not knowing where to start... well, again, evocative

    (1/4, https://shostack.org/blog/hoarding-debt-and-threat-modeling/)

    In conversation about a month ago from infosec.exchange permalink

    Attachments

    1. Domain not in remote thumbnail source whitelist: shostack.org
      Shostack + Friends Blog > Hoarding, Debt and Threat Modeling
      from @adamshostack
      The psychology of getting started threat modeling

    Feeds

    • Activity Streams
    • RSS 2.0
    • Atom
    • Help
    • About
    • FAQ
    • TOS
    • Privacy
    • Source
    • Version
    • Contact

    GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

    Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.