ASW Episode 335
Check out the show notes for links to articles we covered.
Threat Modeling
Hello Protocols, Packets, and Programs,
I interrupt this intro to celebrate the imminent arrival of the movie, 28 Years Later, coming this Friday.
If you don’t know, it’s the third movie in the series started by 28 Days Later.
The second one was, predictably, 28 Weeks Later, which is still less time than most orgs take to patch vulns.
But zombie movies aren’t appealing, at least to me, because of the number of undead in them, nor are appsec programs useful because of the number of CVEs they track.
Really good ones are about how people respond and band together.
So, whether the head you’re aiming for is a zombie or a git repo, don’t forget to have a strategy that avoids a horde of threats in the first place.