Shostack + Friends Blog Archive


What do you want to know about SDL Threat Modeling?

Over on my work blog [link to no longer works], I asked [link to no longer works]:

I’m working on a paper about “Experiences Threat Modeling at Microsoft” for an academic workshop on security modeling. I have some content that I think is pretty good, but I realize that I don’t know all the questions that readers might have.

So, what questions should I try to answer in such a paper? What would you like to know about? No promises that I’ll have anything intelligent to say, but I’d love to know the questions you’re asking. So please. Ask away!

Comment here or there [].