This is part one of the story of a diverse group of security and privacy people that love threat modeling and gathered to define threat modeling, encourage people to threat model, help them succeed, and change the world. This is our story of the Threat Modeling Manifesto. Our intention is to share a distilled version of our collective threat modeling knowledge in a way that should inform, educate, and inspire other practitioners to adopt threat modeling as well as improve security and privacy during development.
We developed this Manifesto after years of experience thinking about, performing, teaching, and developing the practice of, Threat Modeling. We have diverse backgrounds as industry professionals, academics, authors, hands-on experts, and presenters. We bring together varied perspectives on threat modeling. Our ongoing conversations, which focus on the conditions and approaches that lead to the best results in threat modeling, as well as how to correct when we fail, continue to shape our ideas.
The working group of the Threat Modeling Manifesto consists of individuals with years of experience in threat modeling for security or privacy.
Other episodes on threat modeling:
- Adam Shostack — Remote Threat Modeling
- Kim Wuyts — Privacy Threat Modeling
- Izar Tarandach — Command line threat modeling with pytm
- Stephen de Vries — Threat Modeling with a bit of #Startup