Now that I've posted something, it is probably worth introducing who I am.  My name is Frank Swiderski, and I've been with Microsoft for about two years now.  Prior to that, I worked for the security consulting firm @stake, Inc.  For the past four years, I've worked in commercial software security.  This includes your standard security auditing and design sorts of activities:  penetration testing, code review, tool creation, of course threat modeling, and so on.  Before @stake, I was employed by the Department of Defense (both as a civilian and a contractor) for about three years, where I also did some security work.

If my name is at all familiar, it could be because:

  • You used @stake WebProxy 1.0 (I was the primary developer on this).
  • You've tried out the Threat Modeling Tool from the downloads area at (I was also the developer on this).
  • You ordered the Threat Modeling book from MSPress (I was co-author).
  • You've seen my very unfortunate page on the Texas A&M OS/2 users' group web site (  I really wish someone would take that down.  :)

That's the summary.  The bits and pieces can be filled in with Google or a small bit of social engineering work.

This posting is provided "AS IS" with no warranties, and confers no rights.