Shostack + Friends Blog

Quick Threat Model Links October 2019

Just a few things for now

Trail of Bits released a threat model for Kubernetes [link to https://github.com/kubernetes/community/blob/master/wg-security-audit/findings/Kubernetes%20Threat%20Model.pdf no longer works]. There's some context from Aaron Small, who made the project happen.
Continuum has a blog and a spreadsheet on threat modeling lambdas (as a category, not specific to Amazon Lambda), and also a post on threat modeling with CAPEC.
Ntrepid has released a blog posts on "Threat Modeling for Managed Attribution" (part 1, part 2, part 3)
The W3C has updated the questionnaire it uses for web feature development, including questions about "legitimate misuse" (Techcrunch: Web feature developers told to dial up attention on privacy and security.)
Omada Health has released an interesting threat model ("INCLUDES NO DIRT") for medical device modeling.

What else have you seen? I'm hoping to find time to write more deeply on several of these.

Disclosure: I'm on advisory boards for Continuum and Ntrepid.

Originally published by Adam on 09 Oct 2019
Categories: threat modeling

Our Favorite Content

General threat modeling posts

The Security Principles of Saltzer and Schroeder, illustrated with Star Wars

Subscribe (RSS/Mail)

RSS/ATOM: The ATOM feed is here. We recommend RSS as the best way to follow this blog, and think generally RSS is the best way to take control of the information you take in. You can read our thinking here.

Email: If you’d like a lower volume set of updates on what Adam is doing, Adam’s New Thing gets only a few messages a year, guaranteed. We include a subset of posts in each.

Other comments on the CSRB Microsoft Report

17 Apr 2024

Leveraging our training platform

16 Apr 2024

How we leverage a platform for great training

CSRB Report on Microsoft

13 Apr 2024

The CSRB has released its report into an intrusion at Microsoft, and ... it’s a doozy.

Introducing Magic Security Dust!

01 Apr 2024