Shostack + Friends Blog


Fast, Cheap + Good Whitepaper

Threat modeling doesn't need to be a slow, heavyweight activity! A whitepaper cover page, with the title fast, cheap and good: an unusual tradeoff available in threat modeling

Threat modeling work can be very rewarding. There is a common pattern where a lightweight proof of concept run by security experts leads to the creation of a heavier process. This heavier process is designed to help developers, operations and others with less security expertise. These approaches are often too heavy for low-risk projects, too big for agile projects, and they don’t consistently produce results worthy of the invested energy.

This creates a situation in which fast and cheap ways to figure out ‘What can go wrong?’ and ‘Do we need to dig deeper?’ are better than heavyweight approaches. This paper presents a set of approaches as simple as asking, “What can go wrong?” It also provides a framework that allows us to consider direct return on effort as well as other common goals for security assurance such as consistency and assurance.

This paper:

  • Collects a set of fast, cheap, and good ways to begin threat modeling
  • Measures them on several metrics
  • Provides you with a decision framework to illuminate when to use more in-depth approaches

Two podcasts have released on the paper:

Fast, Cheap and Good: An unusual tradeoff available in threat modeling is now available to everyone! If you want early access to papers like this, sign up for Adam Shostack's New Thing.