A collection of links and posts that I found interesting.
This month: “the end of security bugs”, STRIPPED, incident response threat modeling? Also, using CSS and PDF as emulators running code, and more.
Security
Claude Code Security has people predicting the end of security bugs as we know them I can’t imagine anything in the forseeable future doing that because all software has bugs, and vulnerabilities are by definition a subset of all the bugs (in a properly designed system). Bug-free code seems computationally infeasible for large systems, if only for the amount of testing required to confirm there are no bugs. What am I missing, or is it AI hype?
Threat modeling
STRIPPED
I’ve been thinking about updating STRIDE for a while. I have a pretty good idea what was needed but couldn’t come up with a good acronym. By the way, STRIDE took part of an afternoon, but software was simpler back then.
Introducing (rough draft) STRIPPED. Comments welcome!
Threat modeling for incident response? Python’s Security Response Team claims to threat model but how and why do you threat model responding to an incident? I don’t know how it helps much after the vulnerability is found – of course if you already have a threat model that helps a lot responding. In my view, threat modeling is most impactful at design and for code reviews.
Misc
I suspected that CSS might be over-designed, but I didn’t know that it was Turing complete. I’ve struggled with CSS but never imagined this: “x86CSS is a working CSS-only x86 CPU/emulator/computer. Yes, the Cascading Style Sheets CSS. No JavaScript required.”
And then there’s linuxpdf “Linux running inside a PDF file via a RISC-V emulator, …”
Years ago I happened to help Cory Doctorow out with a little software and he’s still using it and giving me credit in his blog six year anniversary post. It’s pretty interesting if you like wild thinking about digital tech, always food for thought. https://pluralistic.net/2026/02/19/now-we-are-six/
“Every gun that is made, every warship launched, every rocket fired signifies in the final sense, a theft from those who hunger and are not fed, those who are cold and are not clothed. This world in arms is not spending money alone. It is spending the sweat of its laborers, the genius of its scientists, the hopes of its children. This is not a way of life at all in any true sense. Under the clouds of war, it is humanity hanging on a cross of iron.” — President Dwight D. Eisenhower