https://designingsecuresoftware.com/tags/linkdump/ Recent content in Linkdump on Designing Secure Software Hugo en Tue, 05 May 2026 00:00:00 +0000 https://designingsecuresoftware.com/writings/2026apr/ Tue, 05 May 2026 00:00:00 +0000 https://designingsecuresoftware.com/writings/2026apr/ <ul> <li>Anthropic Mythos: security superpowers?</li> <li>Threat model scope matters</li> <li>Anyone ready for quantum break in 2029?</li> <li>Trains with 5G windows and noise-cancelling cabins: only in Japan</li> <li>The NAND gate of continuous mathematics: all elementary functions from one operator</li> </ul> <p>Anthropic holding back Mythos because they claim it has <a href="https://red.anthropic.com/2026/mythos-preview/">extraordinary powers to discover security flaws</a> (whether the claims hold up or not) was a master marketing/PR move. It instantly made a big splash, generated great demand, and as a side effect it at least made the software security community wonder, &ldquo;what if it&rsquo;s true?&rdquo; Naturally, there are all kinds of <a href="https://www.schneier.com/blog/archives/2026/04/on-anthropics-mythos-preview-and-project-glasswing.html">opinions</a>, <a href="https://www.flyingpenguin.com/the-boy-that-cried-mythos-verification-is-collapsing-trust-in-anthropic/">rebuttals</a>, and <a href="https://labs.cloudsecurityalliance.org/wp-content/uploads/2026/04/mythosreadyv92.pdf">reactions</a>.</p> https://designingsecuresoftware.com/writings/2026mar/ Wed, 01 Apr 2026 00:00:00 +0000 https://designingsecuresoftware.com/writings/2026mar/ <ul> <li>Google security methodology compendium</li> <li>Threat modeling</li> <li>Are attacks the only threat?</li> <li>Why is threat modeling ignored?</li> <li>Miscellaneous</li> <li>e16n next Stage 4</li> </ul> <p>Google is sharing a lot of their impressive security methodology in a recent collection of articles: <a href="https://blog.google/innovation-and-ai/infrastructure-and-cloud/google-cloud/how-google-does-it-security-series/">How Google Does It: An inside look at cybersecurity</a>. Of special interest to me: <a href="https://cloud.google.com/transform/how-google-does-it-threat-modeling-from-basics-to-ai">Threat modeling, from basics to AI</a>.</p> https://designingsecuresoftware.com/writings/2026feb/ Sun, 01 Mar 2026 00:00:00 +0000 https://designingsecuresoftware.com/writings/2026feb/ <ul> <li>On &ldquo;the end of security bugs&rdquo;</li> <li>STRIPPED</li> <li>Incident response threat modeling?</li> <li>Using CSS and PDF as emulators running code</li> </ul> <p><a href="https://www.anthropic.com/news/claude-code-security">Claude Code Security has people predicting the end of security bugs as we know them</a> I can&rsquo;t imagine <em>anything</em> in the forseeable future doing that because all software has bugs, and vulnerabilities are by definition a subset of all the bugs (in a properly designed system). Bug-free code seems computationally infeasible for large systems, if only for the amount of testing required to confirm there are no bugs. What am I missing, or is it AI hype?</p> https://designingsecuresoftware.com/writings/2026jan/ Sun, 01 Feb 2026 00:00:00 +0000 https://designingsecuresoftware.com/writings/2026jan/ <ul> <li>on &ldquo;Bitlocker, the FBI, and Risk&rdquo;</li> <li>threat models to address hacklore</li> <li>software bloat</li> <li>software update release quality</li> </ul>