Shostack + Friends Blog


Threat Model Thursday: ARM Yourselves!

[no description provided]

Arm The response to my first Threat Model Thursday was almost uniformly positive. Thank you!

I'm going to continue with the series, and have a second one ready. But as I think about how to maximize the value of the series, I want to try something. I want you to read the threat model without me, and analyze it.

This week's model is the ARM Network Camera TMSA. (It's behind a regwall, but you can opt-out of marketing.)

As you read it, I want you to ask yourself two sets of questions. First, how does it align with the 4-question frame ("what are we working on," "What can go wrong," "what are we going to do about it," and "did we do a good job?") Second, ask yourself who, what, why, and how. (You can ask yourself when if you want to be complete about it.)

I'll be back next week with my answers.