Linkdump

• Google security methodology compendium
• Threat modeling
• Are attacks the only threat?
• Why is threat modeling ignored?
• Miscellaneous
• e16n next Stage 4

Google is sharing a lot of their impressive security methodology in a recent collection of articles: How Google Does It: An inside look at cybersecurity. Of special interest to me: Threat modeling, from basics to AI.

• On “the end of security bugs”
• STRIPPED
• Incident response threat modeling?
• Using CSS and PDF as emulators running code

Claude Code Security has people predicting the end of security bugs as we know them I can’t imagine anything in the forseeable future doing that because all software has bugs, and vulnerabilities are by definition a subset of all the bugs (in a properly designed system). Bug-free code seems computationally infeasible for large systems, if only for the amount of testing required to confirm there are no bugs. What am I missing, or is it AI hype?

• on “Bitlocker, the FBI, and Risk”
• threat models to address hacklore
• software bloat
• software update release quality