Shostack + Friends Blog

Threat Modeling Gameplay with Eop

You should get the Threat Modeling Gameplay book, now available!

One of the challenges in creating a game with a purpose is balancing fun and pedagogy (or even pedantry). Cards in my Elevation of Privilege game have specific ‘hints,’ more specific than the threats that are used as the suits...but sometimes not specific enough.

That’s why I’m so pleased that Brett Crawley has written a book, Threat Modeling Gameplay with EoP: A reference manual for spotting threats in software architecture. Adding step-by-step instructions, support material, and ways to address threats will all empower those new to structured threat modeling to effectivly find and address threats.

I’m honored to have written the Foreword to the book, and I encourage everyone with a copy of the game to get a copy. But more, if you’ve hesitated to get or use the game, this is the resource you’ve been waiting for.

Originally published by Adam on 12 Aug 2024
Categories: book reviews

Our Favorite Content

General threat modeling posts

The Security Principles of Saltzer and Schroeder, illustrated with Star Wars

Subscribe (RSS/Mail)

RSS/ATOM: The ATOM feed is here. We recommend RSS as the best way to follow this blog, and think generally RSS is the best way to take control of the information you take in. You can read our thinking here.

Email: If you’d like a lower volume set of updates on what Adam is doing, Adam’s New Thing gets only a few messages a year, guaranteed. We include a subset of posts in each.