Shostack + Friends Blog


Quick Threat Model Links October 2019

Just a few things for now
  • Trail of Bits released a threat model for Kubernetes [link to no longer works]. There's some context from Aaron Small, who made the project happen.
  • Continuum has a blog and a spreadsheet on threat modeling lambdas (as a category, not specific to Amazon Lambda), and also a post on threat modeling with CAPEC.
  • Ntrepid has released a blog posts on "Threat Modeling for Managed Attribution" (part 1, part 2, part 3)
  • The W3C has updated the questionnaire it uses for web feature development, including questions about "legitimate misuse" (Techcrunch: Web feature developers told to dial up attention on privacy and security.)
  • Omada Health has released an interesting threat model ("INCLUDES NO DIRT") for medical device modeling.

What else have you seen? I'm hoping to find time to write more deeply on several of these.

Disclosure: I'm on advisory boards for Continuum and Ntrepid.