See latest writings about software security and a little miscellania.

Book cover art

Kohnfelder, Loren. Designing Secure Software: A Guide for Developers. No Starch Press, 2021.

Designing Secure Software consolidates more than twenty years of experience into a concise, elegant guide to improving the security of technology products. Written for a wide range of software professionals, it emphasizes building security into software design early and involving the entire team in the process.

The book begins with a discussion of core concepts, covering trust, threats, mitigation, secure design patterns, and cryptography. The second part, perhaps this book’s most unique and important contribution to the field, covers the process of designing and reviewing a software design with security considerations in mind. The final section details the most common coding flaws that create vulnerabilities, making copious use of code snippets written in C and Python to illustrate implementation vulnerabilities.

You’ll learn how to:

  • Identify important assets, the attack surface, and the trust boundaries in a system
  • Evaluate the effectiveness of various threat mitigation candidates
  • Work with well-known mitigations and secure design patterns
  • Understand and prevent vulnerabilities like XSS and CSRF, memory flaws, and more
  • Use security testing to proactively identify vulnerabilities introduced into code
  • Review a software design for security flaws effectively and without judgment

“The writing in this book is very clear and easy reading, and the examples used are both captivating and easy to understand. Kohnfelder does a great job of making a point that is easy to understand, and most of the chapters could stand alone for developers just working in that one particular area.” (read the full review)

April 2026 Link dump

 Posted on May 5, 2026

  • Anthropic Mythos: security superpowers?
  • Threat model scope matters
  • Anyone ready for quantum break in 2029?
  • Trains with 5G windows and noise-cancelling cabins: only in Japan
  • The NAND gate of continuous mathematics: all elementary functions from one operator

Anthropic holding back Mythos because they claim it has extraordinary powers to discover security flaws (whether the claims hold up or not) was a master marketing/PR move. It instantly made a big splash, generated great demand, and as a side effect it at least made the software security community wonder, “what if it’s true?” Naturally, there are all kinds of opinions, rebuttals, and reactions.

[Read More]
linkdump 

Software security with Large Language Models

 Posted on April 29, 2026

“AI” on my view is already and will certainly be a massive disruption to software in the coming years. Furthermore, we have an unprecedented wave coming that’s only just now beginning to break. Yet the biggest unknown, as I see it, is how the software community will respond, and that will be more due to social factors than purely technical. This is very much as it should be, however our very human frailties and limitations will inevitably drive how this unfolds.

[Read More]
ai 

February 2026 Link dump

 Posted on March 1, 2026

  • On “the end of security bugs”
  • STRIPPED
  • Incident response threat modeling?
  • Using CSS and PDF as emulators running code

Claude Code Security has people predicting the end of security bugs as we know them I can’t imagine anything in the forseeable future doing that because all software has bugs, and vulnerabilities are by definition a subset of all the bugs (in a properly designed system). Bug-free code seems computationally infeasible for large systems, if only for the amount of testing required to confirm there are no bugs. What am I missing, or is it AI hype?

[Read More]
linkdump 

Transparent AI use

 Posted on January 31, 2026

How much AI use is acceptable for writing? It’s a hard question because it depends greatly on context, the reader’s expectations, and the fact that it’s difficult to usefully measure “how much”. How we address this matters for several reasons, including but not limited to: creator’s responsibility and originality, honest disclosure about research effort and sources, respecting the broad spectrum of opinion about ethical use of AI.

[Read More]
ai 

Risk Perspective

 Posted on January 24, 2026

Writing in response to Adam Shostack’s excellent post “Bitlocker, the FBI, and Risk”. He nicely highlights the fundamental risk trade-off in data protection, and so long as we (often very rightly) prioritize availability we need measures that may compromise confidentiality. Also I especially liked the touch of a risk analysis not using numbers and explicitly pointing that out.

[Read More]

Dusting off

 Posted on January 24, 2026

Dusting off this venue for writing at the suggestion of a friend in the interest of more discussion online because it’s “better if we move commentary off social media.”

[Read More]

Flaunt your Threat Models!

 Posted on November 14, 2024

Threat modeling is the most powerful, underutilized, easy-to-do security methodology we have: why isn’t everybody doing it already, or why do those who are keep their work secret? If you already threat model your digital systems and products, and are doing the work already then you are doing security right so you should share it with pride. Publishing threat models may be the best evidence of excellent security work that customers and users can appreciate the value of, short of a rigorous detailed design and code review. You’ve already done the work — or if not you really should — and making it public not only is great promotion but it also helps all stakeholders understand their respective roles and responsibilities in securing larger systems. (about 4600 words)

[Read More]
security