There’s more than one way to threat model

by adam on April 23, 2014

Today, most presentations on threat modeling talk about each phase of the process. They talk about how to model what you’re building, what can go wrong, and what to do about it. Those tightly coupled processes can be great if (…)

Read the rest of this entry »

Threat modeling the Dread Pirate Roberts way

by adam on April 21, 2014

It has to be said that no one in the Princess Bride is great at threat modeling. But one scene in particular stands out. It’s while they’re planning to attack the castle and rescue Buttercup: Westley: I mean, if we (…)

Read the rest of this entry »

Threat Modeling & Devops: Like Peanut Butter & Jelly

by adam on April 17, 2014

George Hulme interviewed me for Devops.com, and the article is at “Q&A: Speaking DevOps and Threat Modeling.” Its obvious that devops is an important trend, andit’s important to understand how to align threat modeling to that world.

Should I Start Threat Modeling from Assets?

by adam on April 15, 2014

A couple of reviewers have commented that they have different perspective on assets. For example, in a review I very much appreciated, Gunnar Peterson says: I have slightly a different perspective on Shostack’s view on assets. The book goes into (…)

Read the rest of this entry »