
Shostack + Friends Blog
Posts in category “threat modeling”


October Adam's New Thing!
Read up on Adam's New Thing from October

LeanAppSec Announcement
Watch a masterclass in effective security processes


Lunar Rover Vehicle, Redux
What can the moon buggy teach us about modeling?

How could LLMs change threat modeling
LLMs will change threat modeling. Will it be for the better?

OWASP Training in Washington, D.C.
Register for OWASP training in Washington D.C.!

Our back to school sale
Our biggest back to school sale of the year!

Mansplaining your threat model, as a service
Everyone wants robots to help with threat models. How’s that working out?

Threat Modeling Tools
A 2025 view of threat modeling tools

Risk Management and Threat Modeling
Threat modeling finds threats; risk management helps us deal with the tricky ones.

The Cyber Resilience Act (CRA)!
The CRA is coming and it's going to be a dramatic change for technology producers

Threat modeling as a dial, not a switch
Thinking of threat modeling with a knob helps you get more out of it.

Google’s approach to AI Agents -- Threat Model Thursday
What can we learn from Google’s approach to AI Agent Security

Publish your threat model!
We think you should publish your threat model, and we’re publishing our arguments.

The Essence and Beauty of Threat Modeling
Automation sounds great, but what about the essence and beauty?

Free Threat Modeling Training for Displaced Federal Workers
Free training for displaced government employees

Andor: Think like a leader
Think like a what??!

Andor Threats: Information Disclosure
What Andor can teach us about Information disclosure threats

The Empire’s Threat Modeling
Get one fourth off for May the fourth!

Threat Informed Defense Series
A great, in-depth series on threat modeling with ATTACK

Free Threats
Pray they don’t alter the price any further

Assets, Again
What's wrong with this process?

Introducing the DEF CON 32 Hackers' Almanack
Grateful to introduce the Hackers' Almanack!

OWASP Training in Barcelona
Register for OWASP training in Barcelona!

Strategy for threat modeling AI
Clarifying how to threat model AI

RSAC Webinar: Building Resilient Systems
Upcoming RSAC webinar

A New Hope for Threat Modeling, on The CyberTuesday Podcast
Adam was on the CyberTuesday podcast

Threat Modeling the Genomic Data Sequencing Workflow (Threat Model Thursday)
An exciting new sample TM from MITRE

Hoarding, Debt and Threat Modeling
The psychology of getting started threat modeling

Spatial Reasoning and Threat Modeling
Do diagrams leverage the brain in a different way?

Handling Pandemic-Scale Cyber Threats: Lessons from COVID-19
Emerging research on Cyber Public Health

A Different Hackathon Design?
What should hackathon judges value?

The Four Question Framework for Threat Modeling
Our latest whitepaper!

Black Friday Sale
Our biggest black friday sale this year!

Why do we call them trust boundaries?
Why do we call them trust boundaries, anyway?

Scaling Threat Modeling
Our newest course: Scaling Threat Modeling

MITRE ATT&CK: Threat Model Thursday
Threat model Thursday, let's dive deep into a detailed approach to using ATT&CK

Coaching
Scaling threat modeling can be a challenge!

ThreatModCon San Francisco
Threatmodcon was amazing

Our back to school sale is ending
Our biggest sale ever ends today!

Our back to school sale
Our biggest sale ever!

Office Hours after training
Office hours are one way we strive to deliver a great training experience.

Inherent threats talk (ThreatModCon)
My talk from ThreatModCon Lisbon 2024

Threat Modeling and Logins, Redux
How to effectively threat model authentication.

Threat Modeling and Logins
Authentication is more frustrating to your customers when you don’t threat model.

Blackhat Training Early Bird
The early bird pricing for my Blackhat training expires this Friday

Diagrams and Symbols in Threat Models
How can we think about non-standard symbols in threat modeling diagrams?

Enterprise Security Weekly: Podcast Episode with Adrian Sanabria
Adam on Enterprise Security Weekly podcast

Leveraging our training platform
How we leverage a platform for great training

Healthcare Info Security: Podcast Episode with Marianne Kolbasuk McGee
Adam on Healthcare Info Security podcast

Adventures in LLM Coding
Exploring LLM-driven coding as I get ready for Archimedes

Inherent Threats (Whitepaper)
We have an awesome new white paper available!

ThreatModCon Lisbon 2024
Submit your papers for ThreatModCon 2024 now!

The Security Table: Podcast Episode with Chris Romeo
Adam on The Security Table podcast

My Instructional Journey
Thoughts on my instructional journey - and what yours might be

Red Teaming
Red Teaming by Bryce Hoffman is a thought-provoking read.

Threat Modeling Capabilities Released
A great new resource for threat modeling

The Nazgul of Threat Modeling
[no description provided]

C2PA Threat Modeling
What can we learn from the C2PA security considerations document?

Application and AI roundup - September
September was a big month in appsec for both memory safety and policy

Open training: Threat Modeling for Champs (October)
Seats are available in our October training

Threat Modeling and Secure by Design
Our feedback to CISA is now public

Five Threat Model Diagrams for Machine Learning
Some diagrams to help clarify machine learning threats

Cumulus
Cumulus is a cloud-oriented version of Elevation of Privilege

Threat Modeling Google Cloud (Threat Model Thursday)
NCC has released a threat model for Google Cloud Platform. What can it teach us?

Threats, To The Supply Chain
The threats book is in the supply chain, inconsistently.

Threats Book Launch Party
The live launch party for Threats!

Threats Book is Complete
The serious side of the book

Threats: The Table of Contents
Like the Force, each threat has a light side, and a dark side.

Threat Modeling is Measure Twice, Cut Once
Threat Modeling is the software version of measure twice, cut once.

The Appsec Landscape in 2023
External changes will be driving appsec in 2023. It’s time to frame the decisions in front of you.

Fast, Cheap and Good, Redux
A new paper on how fast, cheap and good can combine into something we usually discount.

More on GPT-3 and threat modeling
More thoughts about AI and threat modeling

Darkreading: Threat Modeling in the Age of OpenAI's Chatbot
Pointer to Adam’s latest Darkreading article

Human-Centered Security
Threat Modeling for UX Designers with Adam Shostack on Heidi Trost's podcast

The Threats book is complete
Threats is almost in bookstores

Miro Threat Modeling Template for EoP
A Miro template for Elevation of Privilege

Medical Device Threat Modeling Boot Camp
Oh my gosh, the boot camps are back!

Threat Modeling for Security Champs
Our next open course is in just a few weeks!

Threat Modeling Training Announcements Fall, 2022
Our fall course offerings

Threats — The Cover
So excited to share the cover with you

Authentic Thoughts About What Can Go Wrong
Threat modeling doesn't need to be big and complex

OWASP podcast with Matt Tesauro
Adam joined Matt Tesauro on the OWASP podcast

The Grimes Model of Scams
Roger Grimes has an exciting new model of scams that's going to transform how we teach people to defend against them.

How Executives Can Use Threat Modeling
You don’t have to be technical, but you can’t make informed decisions about your business without threat modeling.

Elevation of Defenses
Using games to help us explore engineering techniques

How To Choose a Threat Modeling Training
Understanding how to choose the right threat modeling training can give you the education you want for the skills you need.

#WeHackPurple: Podcast Episode with Tanya Janca
Adam on #WeHackPurple podcast

Elevation of Privilege: New Cards for 2022
Holy cow, we’ve added new cards to Elevation of Privilege!

Threat Modeling Open Training: First Quarter, 2022
Open threat modeling training, Q1 2022

Fast, Cheap + Good Whitepaper
Threat modeling doesn't need to be a slow, heavyweight activity!

FDA Threat Modeling Playbook Now Available
How to threat model medical devices? The FDA has released a playbook!

Medical Device Threat Modeling Webinar
An important webinar by MDIC about the medical device threat modeling playbook is now available!

Breaking into threat modeling
A video interview by OWASP leader Vandana Verma, on the topic of breaking into threat modeling.

Trainings at Global Appsec 2021
Tremendous training opportunities in threat modeling and other topics at Appsec Global 2021

What are we going to do: CO2 edition
What happened when Microsoft tried to buy climate abatements

Lessons Learned: Playing Elevation of Privilege
We learn while we're having fun. Some takeaways from a recent play to learn session.

NIST Brings Threat Modeling into the Spotlight
New at Darkreading, a post on NIST and threat modeling

What can go wrong?
The World's Shortest Threat Modeling Video series continues with .. what can go wrong?

Training discounts!
Are you tired of escalations and fights after pen tests find crucial security issues at the last minute? I have a discount code for upcoming threat modeling training that can help!

Threat Modeling Through the JoHari Window
Let me call your attention to a new post by Irene Michlin, “Where Threat Modelling fits in the matrix?” (with a few comments on why it matters).

Training - October
Are you tired of escalations and fights after pen tests find crucial security issues at the last minute? I have upcoming threat modeling training that can help!

Zen and the art of not quantifying risk
Many people want their threat modeling work to produce risk numbers, and in this post you'll learn why that's a mistake.

Threat Model Thursday: NIST’s Code Verification Standard
Earlier this week, NIST released a Recommended Minimum Standard for Vendor or Developer Verification of Code. I want to talk about the technical standard overall, the threat modeling component, and what the standard means now and in the future.

Collaboration in Threat Modeling
It's the latest in the World's Shortest Threat Modeling videos!

Sketching to Answer 'What are we working on?'
The latest in the World's Shortest Threat Modeling Videos.

Applied Threat Modeling at BlackHat 2021
At Blackhat USA, I'll be teaching Applied Threat Modeling.

Why Threat Model?
The second video in my 60 second series!

Fast threat modeling videos
I'm exploring the concept of very fast threat modeling videos.

'Not in my threat model'?
You know what's not in my threat model? A meteor hitting a volcano... And that's ok!

Using Threat Modeling to Improve Compliance (TM Thursday)
Threat model Thursday is not just back, but live again!

Apple Guidance on Intimate Partner Surveillance
Apple has released ‘Device and Data Access when Personal Safety is At Risk’ and I wanted to explore it a bit.

IoT Security & Threat Modeling
Expanding on the UK Government's ‘The UK Code of Practice for Consumer IoT Security’ and how it aligns with Threat Modeling.

Can Training Work Remotely?
I get this question a lot: Can distributed/remote training work as well as in person? Especially for threat modeling, where there's a strong expectation that training involves whiteboards...

Behind the Scenes: Training Development
Developing a training program is hard, especially when it will be delivered remotely.

Threat Modeling Classes
Through the pandemic, I’ve rebuilt the way I teach threat modeling. The new structure and the platforms I needed to adapt for my corporate clients also allows me to offer the courses to the public.

Linkedin Learning
Bringing threat modeling to more and more people, now through a series of courses on LinkedIn.

Better OKRs Through Threat Modeling
Effective Threat Modeling by itself can ensure that your OKRs and AppSec Program are not only in great tactical shape, but also help define a strategic roadmap for your AppSec Program.

Threat Modeling and Social Issues
For Data Breach Today, I spoke with Anna Delaney about threat modeling for issues that are in the news right now.

Irius Risk & Gary McGraw
Dr. Gary McGraw joins the IriusRisk Technical Advisory Board

The Asset Trap
As we look at what's happened with the Russian attack on the US government and others via Solarwinds, I want to shine a spotlight on a lesson we can apply to threat modeling.

Elevation of Privilege In The Time of Cholera, Redux
So far, so good.

Stencils and Sketch Books
Going beyond the whiteboard.

A Threat Modeling Manifesto
A diverse set of experts and advocates for threat modeling are releasing a threat modeling manifesto, modeled after the agile manifesto and focused on values and principles.

Training: Threat Modeling for Security Champions
Expanding on our distributed class structure.

A PCI Threat Model
Compliance isn't Security, oh and something I wrote.

Starting Threat Modeling: Focused Retrospectives are Key
Don't skip this important step.

Threat Modeling, Insiders and Incentives
Inspired by the recent story of Tesla's insider, I'd like to discuss insider threat as it fits into threat modeling.

Elevation of Privilege In The Time of Cholera
How to play in person games while maintaining safe distances.

Better Taught Than Caught!
Informal training may work in some cases, but Threat Modeling skills should be passed on through more formal means.

Information Disclosure In Depth
I have something to disclose...

When to Threat Model
A talk from the Biohacking Village at DefCon brought up a good point.

Video Series
Not usually one for the video format, I'm expanding my horizons thanks to 2020 being what it is.

Software Engineering Radio
I enjoyed being a guest on Software Engineering Radio in this in-depth interview.

Threat Model In My Devops
A recent talk by Alyssa Miller focuses on integrating threat modeling in devops.

Threat Modeling and the SAFE Framework
My thoughts on an interesting blog post discussing how to bring threat modeling into the Scaled Agile Framework.

The Jenga View of Threat Modeling
I'm happy to announce Shostack + Associates' new, first, corporate white paper! It uses Jenga to explain why threat modeling efforts fail so often.

Contextualisation of Data Flow Diagrams...
Contextualisation of Data Flow Diagrams for security analysis is a new paper to which I contributed.

Models and Accuracy (Threat Modeling Thursday)
For Threat Model Thursday, I want to look at models and modeling in a tremendously high-stakes space: COVID models.

SDL Article in CACM
Most of my time, I'm helping organizations develop the skills and discipline to build security in. We give the best advice available, and I recognize that we're early in developing the science around how to build an SDL that works.

Threat Model Thursday: Data Flow Diagrams
This week's threat model Thursday looks at an academic paper, Security Threat Modeling: Are Data Flow Diagrams Enough? by Laurens Sion and colleagues.

Power Dynamics in Threat Modeling
On Linkedin, Peter Dowdall had a very important response to my post on remote threat modeling.

Answering 'What Are We Working On' When Remote
How do we replace the in-person whiteboard sessions essential to Threat Modeling when we are distanced and working remotely?

Medical Device Threat Modeling
New training being developed, seeking interest.

Threat Modeling with Questionnaires
This post comes from a conversation I had on Linkedin with Clint Gibler.

Free Threat Modeling Training
While I can't fix things, I can at least make my LinkedIn courses free for a time.

Amazon's 'Alexa Built-in' Threat Model
Exploring supply chain threat modeling with Alexa

Threat Modeling Training at Blackhat 2020
At Blackhat this summer, I'll be offering threat modeling training. Last year, these sold out quickly, so don't wait!

Threat Model Thursday: BIML Machine Learning Risk Framework
Risk Framework and Machine Learning

Repudiation Now Live on Linkedin Learning
My course, “Repudiation in Depth” is now live on Linkedin Learning. This is the fourth course in my Learning Threat Modeling series.

Threat Model Thursday: Games
For reasons I can't quite talk about yet, this has been a super busy time, and I look forward to sharing the exciting developments that have kept me occupied.

Threat Model Thursday: Files
Have you considered the idea that “Files are Fraught With Peril” lately? Maybe you should...

Threat Modeling Thursday: The Human Element
I joined Caroline Wong on the Humans of Infosec Podcast to discuss The Human Element of Threat Modeling.

Empirical Evaluation of Secure Development Processes
Earlier this year, I helped to organize a workshop at Schloss Dagstuhl on Empirical Evaluation of Secure Development Processes. I think the workshop was a tremendous success.

Managed Attribution Threat Modeling
Let's talk CAKED, a threat model for managed attribution.

Message Sequence Charts
Swim lane diagrams have been formalized in message sequence charts - what that means.

Medical Device Security Standards
Recently, I've seen four cybersecurity approaches for medical devices, and we can learn by juxtaposing them.

Includes No Dirt: Healthcare Threat Modeling (Thursday)
“Includes No Dirt” is a threat modeling approach by William Dogherty and Patrick Curry of Omada Health, and I've been meaning to write about it since it came out.

Who Are We Kidding with Attacker-Centered Threat Modeling?
Don't go into Threat Modeling with this mindset.

Interesting Reads: Risk, Automation, lessons and more!
Just what the title says.

Quick Threat Model Links October 2019
Just a few things for now

OWASP Portland: Talk and Podcast
I recently had a chance to speak at the meeting for the Portland, Oregon chapter of OWASP

Course announcement: Tampering in Depth!
I'm excited to announce that I'm hitting my STRIDE and Linkedin has released the second course in my in-depth exploration of STRIDE: Tampering.

Threat Modeling Building Blocks
Threat modeling isn’t one task — it's a collection of tasks that build on each other to produce more valuable insights.

Training At Embedded Systems Security Days
I'm excited to be teaming up with Alpha Strike and Limes Security to deliver training in Vienna November 6-8.

Threat Modeling at Layer 8
Discussing online conflict on the AppSec Podcast

Safety and Security in Automated Driving
Let’s explore the risks associated with Automated Driving.

Promoting Threat Modeling Work
Some thoughts on promoting others’ threat modeling work.

Testing Building Blocks
There are a couple of new, short (4-page), interesting papers from a team at KU Leuven discussing the building blocks of threat modeling.

3 Arguments for Threat Modeling
Top 3, from Continuum

20 Years of STRIDE: Looking Back, Looking Forward
Has it been that long already?

Threat Modeling in 2019
RSA has posted a video of my talk, “Threat Modeling in 2019”.

A Seat At The Table (AppSecCali)
My talks from AppSecCali 2019

What Should Training Cover?
When suggesting that someone needs more training, consider what specific points should be covered.

Nature and Nurture in Threat Modeling
What comes easily should still be taught and elaborated upon.

Threat Modeling: Attackers May Adapt, Respond
Reasons for failure in real-world security

Threat Modeling as Code
Exploring threat models as code.

LinkedIn Learning: Producing a Video
My Linkedin Learning course is getting really strong positive feedback. Today, I want to peel back the cover a bit, and talk about how it came to be.

IriusRisk 2.0
I’m excited to be able to share “Announcement: IriusRisk Threat Modeling Platform 2.0 Released.”

Scaling Threat Modeling Training
For the last few years, I've been delivering in-person threat modeling training. I've trained groups ranging from 2 to 100 people at a time, and I've done classes as short as a few hours and as long as a week.

Threat Modeling in 2018: Attacks, Impacts and Other Updates
Check out my talk from Blackhat 2018

Podcast with Ron Woerner
Another podcast, another chance to talk about Threat Modeling

Privacy Extension to Elevation of Privilege game
An extended version of Elevation of Privilege, now with Privacy.

Reflective Practice and Threat Modeling (Threat Model Thursday)
[no description provided]

Threat Model Thursday: Legible Architecture
[no description provided]

Threat Modeling in 2018: Attacks, Impacts and Other Updates
The slides from my Blackhat talk are now available.

Threat Modeling Thursday: 2018
[no description provided]

Threat Model Thursdays: Crispin Cowan
[no description provided]

Continuum Interview
[no description provided]

Threat Model Thursday: Chromium Post-Spectre
Understanding Google's Post-Spectre threat model

'EFAIL' Is Why We Can't Have Golden Keys
[no description provided]

The DREAD Pirates
[no description provided]

4 Common Missteps in Threat Modeling
[no description provided]

Joining the Continuum Team
[no description provided]

Designing for Good Social Systems
[no description provided]

Threat Modeling Thursday: #threatmodelhero
[no description provided]

Threat Model Thursday: Talking, Dialogue and Review
As we head into RSA, I want to hold the technical TM Thursday post, and talk about how we talk to others in our organizations about particular threat models, and how we frame those conversations.

Gartner on DevSecOps Toolchain
[no description provided]

Threat Model Thursday: ARM's Network Camera TMSA
[no description provided]

Threat Model Thursday: ARM Yourselves!
[no description provided]

Ries on Gatekeepers
[no description provided]

Threat Model Thursday: Synopsys
[no description provided]

Threat Modeling Panel at APPSEC Cali 2018
[no description provided]

Speculative Execution Threat Model
[no description provided]

Citizen Threat Modeling and more data
[no description provided]

Threat Modeling: Citizens Versus Systems
[no description provided]

Threat Modeling Privacy of Seattle Residents
[no description provided]

Jonathan Marcil’s Threat Modeling Toolkit talk
[no description provided]

AppSec Cali 2018: Izar Tarandach
[no description provided]

AppSec California TM Panel
[no description provided]

Threat Modeling Tooling from 2017
[no description provided]

Vulnerabilities Equities Process and Threat Modeling
[no description provided]

Data Flow Diagrams 3.0
[no description provided]

Emergent Design Issues
[no description provided]
Threat Modeling ‘App Democracy’
[no description provided]
Threat Modeling and Architecture
[no description provided]

Threat Modeling Training (London!)
[no description provided]

Open for Business
Recently, I was talking to a friend who wasn't aware that I'm consulting, and so I wanted to share a bit about my new life, consulting!

Star Wars, Star Trek and Getting Root on a Star Ship
[no description provided]

Organizing Threat Modeling Magic
[no description provided]

Magical Approaches to Threat Modeling
[no description provided]

Threat Modeling Password Managers
[no description provided]

Umbrella Sharing and Threat Modeling
[no description provided]

Rolling out a Threat Modeling Program
[no description provided]

Secure updates: A threat model
[no description provided]

Threat Modeling Encrypted Databases
[no description provided]

Threat Modeling: What, Why and How
[no description provided]

Bicycling and Threat Modeling
[no description provided]

Certificate pinning is great in stone soup
[no description provided]

A Privacy Threat Model for The People of Seattle
[no description provided]

Threat Modeling and Star Wars
[no description provided]

Threat Modeling & IoT
[no description provided]

People are The Weakest Link In Security?
[no description provided]

Learning Lessons from Incidents
[no description provided]

Groundrules on Complaining About Security
Everyone complains about security, but no one ever... sets boundaries

Modeling Attackers and Their Motives
There are a number of reports out recently, breathlessly presenting their analysis of one threatening group of baddies or another. Most readers should, at most, skim their analysis of the perpetrators. Read on for why.