October 2007 - Posts
I’d like to talk about the STRIDE per element chart in the sixth post of my threat modeling series. I’d like to talk about where it’s from, some of the issues that come with that heritage, and how you might customize it in your own threat
Read More...
Adam again. I hope you’re still enjoying this as we hit #5 in the threat modeling series. In my last post, I talked about how almost everyone in software draws on whiteboards regularly, and this makes it an ideal first step. It’s an ideal
Read More...
Adam Shostack here, with part four of my threat modeling series. This post is a little less philosophical and a lot more prescriptive than the one about flow. It explains exactly how and why I changed a couple of elements of the process. The first is
Read More...
Adam Shostack again, with the third in our series on threat modeling. In this post, I want to explain one of the ‘lenses’ that seemed to help us focus threat modeling, and how I’ve applied it. The concept of flow originated with Mihaly Csikszentmihalyi.
Read More...
Adam Shostack here, with the second post in my series on the evolved threat modeling process. To summarize, what I’ve tried to achieve in changing the process is to simplify, prescribe, and offer self-checks. I’ll talk in the next post about
Read More...
