Shostack + Friends Blog

 

Threat Modeling Gameplay with EoP

You should get the Threat Modeling Gameplay book, now available!

One of the challenges in creating a game with a purpose is balancing fun and pedagogy (or even pedantry). Cards in my Elevation of Privilege game have specific ‘hints,’ more specific than the threats that are used as the suits...but sometimes not specific enough.

That’s why I’m so pleased that Brett Crawley has written a book, Threat Modeling Gameplay with EoP: A reference manual for spotting threats in software architecture. Adding step-by-step instructions, support material, and ways to address threats will all empower those new to structured threat modeling to effectively find and address threats.

I’m honored to have written the Foreword to the book, and I encourage everyone with a copy of the game to get a copy. But more, if you’ve hesitated to get or use the game, this is the resource you’ve been waiting for.