Some Early Writing on Threat Modeling

Adam's Early Writing on Threat Modeling

Adam, and others, were writing about threat modeling before there was a Shostack + Associates, and even before there was Threat Modeling: Designing For Security. This section is Adam's writings that predate the book.

Elevation of Privilege: Drawing Developers into Threat Modeling (Usenix 3GSE workshop, 2014)
The Easy Way To Get Started Threat Modeling (Blackhat, 2010)
Experiences Threat Modeling At Microsoft (Security Models Workshop, 2008)
Getting Started With The SDL Threat Modeling Tool (MSDN, 2009)
Reinvigorate your Threat Modeling Process (MSDN, 2008)
The Trouble With Threat Modeling (Blog series, 2007)
Uncover Security Design Flaws Using The STRIDE Approach with Shawn Hernan, Scott Lambert, Tomasz Ostwald (MSDN, 2006)
Breaking Up Is Hard To Do: Modeling Security Threats for Smartcards with Bruce Schneier, (Best Paper, Usenix Workshop on Smartcard Technology, 1999)

STRIDE

STRIDE was created by Loren Kohnfelder and Praerit Garg in 1999. Their paper, The Threats To Our Products is no longer available on Microsoft's web site, so we keep a copy here.

Attack Trees

One of the better known early attempts at providing structure in threat modeling would be Ed Amaroso's work on attack trees, in his Fundamentals of Computer Security Technology (Prentice Hall, 1994). Stuart Schecter traces the history further in his PhD thesis, Computer Security Strength & Risk: A Quantitative Approach (both Chapter 2 and Appendix A).