Adam Shostack

About

Adam Shostack is a leading industry expert on secure software development, with a focus on threat modeling techniques. He has decades of experience delivering security to customers. That experience ranges across the business world from founding startups to nearly a decade at Microsoft.

His accomplishments include: Helped create the CVE (now an Emeritus member of the Advisory Board), fixed Autorun for hundreds of millions of systems, led the design and delivery of the Microsoft SDL Threat Modeling Tool (v3), created the Elevation of Privilege threat modeling game, and advised on the creation of Control-Alt-Hack.

Additionally, he serves as an advisor to the Research Institute for Sociotechnical Cyber Security (RISCS), the Journal of Cybersecurity, the Privacy Enhancing Technologies Symposium and served as in various roles in the early years of the International Financial Cryptography Association.

Teaching

• Security Engineering (CSE-590P) Autumn 2023
• Security Engineering (CSE-590P) Autumn 2021

Publications

Books

• Threat Modeling: Designing for Security
• Threats: What Every Engineer Should Learn from Star Wars
• The New School of Information Security with Andrew J. Stewart

Papers

See my list of published papers at Google Scholar. A more general list of writing is here.