⛈️☂️(⛈️☂️) Threat Modeling of Threat Modeling #meta

Yes, threat modeling is important, but how can we make it a success? What can go wrong? What are we going to do about it? This project threat models threat modeling #meta.

Upcoming Threat Modeling Connect community meetup

Threat Model: Latest Version

• Version 1.2.0, 2024-07-09, online, interactive with open/close toggles
• Version 1.2.0, 2024-07-09, PDF export, all details expanded

PDF Version history

• Version 1.0.0, 2024-02-24: First public release
• Version 1.1.0, 2024-02-27: Added the Thanks section
• Version 1.2.0, 2024-07-09: Asorted extensions
  Release notes

  • Improved texts, community feedback, better open/close for introduction
  • Additional video on incremental threat modeling at ⛈️ [1.1.1] Threat modeling a “giant”
  • Beginner resources canvas at ⛈️ [2.1.3] Hard threat discovery
  • +⛈️ [0.1.5] Penetration Test only Application Security
  • +⛈️ [2.1.2b] Threat FOMO (fear of missing out)
  • +⛈️ [2.1.13] Blindness reward / Clarification penalty
  • +⛈️ [3.2.14] Mitigation bypass / Vicious circle of threats introduced by mitigations
  • +⛈️ [3.2.15] Mitigation off switch
  • +⛈️ [4.5.1] Lack of Celebration / Missing out on Joy of Realization (”Verwirklichungsfreude”)

Reception

• Insightful pre-release conversation about the project at the OWASP #threat-modeling slack channel
• Launch post and discussion at the OWASP #threat-modeling slack channel
• Talking about the project at the Application Security Podcast with Chris Romeo and Robert Hurlbut:
  
  
  Topics discussed in this episode

  • Hendrik's security origin story
  • What makes threat modeling a success?
  • Why do vendors totally need threat modeling?
  • Struggles when introducing threat modeling
  • Motivation behind the project
  • VISUS journey
  • Generalized, extended and published analysis for a public audience
  • How this project might help practicioners get inspired and build better threat modeling programs
  • How to threat-model a process?
  • Why add phase 0 "How do we threat-model?"
  • Some challenges of getting started
  • Discussing some of the first topics of the analysis:
  • 0️⃣ 🧩 Develop software without threat modeling (May serve as motivation): [0.1] ⛈️ [0.1.1] Blindness, ⛈️ [0.1.2] Insecurity, ⛈️ [0.1.3] Actual Damage
  • 🧩 Design Threat Modeling process (how) [0.3]: ⛈️ [0.3.2] Perfect process trap, ⛈️ [0.3.6] Non-actionable process
  • 🧩 Train and Launch Threat Modeling program [0.5]: ⛈️ [0.5.1] Lack of training, ⛈️ [0.5.2] Too theoretical training
  • 🧩 Catch up on threat models for existing products [1.1]: ⛈️ [1.1.1] Threat modeling a “giant”
  • 🧩 Threat model new developments [1.2]: ⛈️ [1.2.1] Outdated threat models, ⛈️ [1.2.4] Mitigation debt / Security later & “later=never” anti-pattern
  • (Not covering anything from 2️⃣ “What can go wrong?” Phase / 3️⃣ “What are we going to do about it?” Phase / 4️⃣ “Did we do a good (enough) job?” Phase / *️⃣ Overarching aspects. The goal of the podcast episode was to introduce the project.)
  • Call to Action from Chris and Hendrik: Please read, get inspired and give feedback!
  • Lightning round
  
  
  
  Video podcast version at YouTube
  
  Audio podcast version with all the platform links

Banner image

Feedback?

Please reach out, so that I can improve this work! https://hendrik.ewerlin.com/security/

A detailed call for feedback is at the bottom of the document.

I'm also working on a Community twin project... Stay tuned!