Threat Modeling Whitepapers from Shostack + Associates

Cover page of whitepaper titled 'The Jenga View of Threat Modeling'

The Jenga View of Threat Modeling

Our first corporate whitepaper, The Jenga View of Threat Modeling, breaks out different types of threat modeling work in a new way. The Jenga view helps you understand the diverse changes that happen to enable threat modeling, and through understanding, helps you accelerate.


Reasonable Software Security Engineering

A whitepaper written for ISACA. Many businesses today make promises like “we take your security seriously,” or “we are secure by design.” That’s great, if your efforts are centered in engineering, rather than marketing or legal. In this Perspective article, we’ll talk about the growing need for security engineering, including what, why, where, how and when.
Paper (Registration required)