Meta Threat Modeling
Meta Threat Modeling applies Threat Modeling techniques to Threat Modeling itself. It makes our Threat Modeling efforts more effective, efficient and satisfying.
More than retrospectives ("Did we do a good job?"), it foresees threats to our Threat Modeling efforts and tames them, before they become real problems.
The method can be executed in two fashions that inspire each other:
- In a generic view, we threat model the Threat Modeling efforts of "any" vendor. We reduce assumptions, so that the analysis fits many vendors.
- In a specific view, we take a close look at our specific Threat Modeling program. We incorporate all the details, even team structures and cultural aspects, so that the analysis fits our circumstances perfectly.
The following survey collects resources on Meta Threat Modeling, including Meta Threat Models. It will be updated to be the go-to portal for the topic.
The ⛈️☂️(⛈️☂️) Threat Modeling of Threat Modeling #meta
... is a comprehensive generic Meta Threat Modeling analysis that opened the field of Meta Threat Modeling (together with the Threat Modeling Manifesto). It has more than 100 threats and associated mitigations.
Meta Threat Modeling Threat Modeling Connect Community Meetup
... presented Meta Threat Modeling in a Community Meetup. It tried the method in interactive Meta Threat Modeling live sessions with small groups.
[Video recording] [Slide Deck] [Exercise Results after 22min]
Topics discussed in this Meetup
- Basics of threat modeling
- Why not apply threat modeling to threat modeling itself and foresee and mitigate threats before they become real problems?
- Meta Threat Modeling
- How to threat model a process: Usability Threat Modeling and the BIF threat categories
- System diagram of the ⛈️☂️(⛈️☂️) Threat Modeling of Threat Modeling #meta
- Rough overview: 🧩 Discover threats [2.1]
- Example threat: ✨⛈️ [2.1.3] Hard threat discovery
- Differences between threat modeling generic threat modeling and threat modeling your own
- Breakout sessions, where participants got to threat model their own threat modeling, supported by a simple Mural board and awesome and engaged facilitators
- Insight sharing
The Threat Modeling Manifesto
... has values (X over Y), patterns and anti-patterns and the Threat Modeling Capabilities sub-project that can easily be interpreted as a generic Meta Threat Modeling threat/mitigation collection.
TM of TM Application Security Podcast Episode
... discusses the inspiration behind the ⛈️☂️(⛈️☂️) Threat Modeling of Threat Modeling #meta project and some of its contents.
Topics discussed in this episode
- Hendrik's security origin story
- What makes threat modeling a success?
- Why do vendors totally need threat modeling?
- Struggles when introducing threat modeling
- Motivation behind the project
- VISUS journey
- Generalized, extended and published analysis for a public audience
- How this project might help practitioners get inspired and build better threat modeling programs
- How to threat-model a process?
- Why add phase 0 "How do we threat-model?"
- Some challenges of getting started
- Discussing some of the first topics of the analysis:
  - 0️⃣ 🧩 Develop software without threat modeling (May serve as motivation) [0.1]: ⛈️ [0.1.1] Blindness, ⛈️ [0.1.2] Insecurity, ⛈️ [0.1.3] Actual Damage
  - 🧩 Design Threat Modeling process (how) [0.3]: ⛈️ [0.3.2] Perfect process trap, ⛈️ [0.3.6] Non-actionable process
  - 🧩 Train and Launch Threat Modeling program [0.5]: ⛈️ [0.5.1] Lack of training, ⛈️ [0.5.2] Too theoretical training
  - 🧩 Catch up on threat models for existing products [1.1]: ⛈️ [1.1.1] Threat modeling a “giant”
  - 🧩 Threat model new developments [1.2]: ⛈️ [1.2.1] Outdated threat models, ⛈️ [1.2.4] Mitigation debt / Security later & “later=never” anti-pattern
  - (Not covering anything from 2️⃣ “What can go wrong?” Phase / 3️⃣ “What are we going to do about it?” Phase / 4️⃣ “Did we do a good (enough) job?” Phase / *️⃣ Overarching aspects. The goal of the podcast episode was to introduce the project.)
- Call to Action from Chris and Hendrik: Please read, get inspired and give feedback!
- Lightning round
The 🙂 Fortunately ⇆ 🙁 Unfortunately of 🙂 Fortunately ⇆ 🙁 Unfortunately #meta
... examines the Fortunately Unfortunately method of Threat Modeling in its own style.