Some Early Writing on Threat Modeling


Adam's Early Writing on Threat Modeling

Adam, and others, were writing about threat modeling before there was a Shostack + Associates, and even before there was Threat Modeling: Designing For Security. This section is Adam's writings that predate the book.


STRIDE was created by Loren Kohnfelder and Praerit Garg in 1999. Their paper, The Threats To Our Products is no longer available on Microsoft's web site, so we keep a copy here.

Attack Trees

Perhaps the earliest attempt at providing structure in threat modeling would be Ed Amaroso's work on attack trees, in his Fundamentals of Computer Security Technology (Prentice Hall, 1994).