One of the questions we get regularly is ‘when should I update my TMs?’ Our answers are:
-
When you know you’re adding new components or connections
-
Regularly (from quarterly to annually, depending on how much the product is changing)
-
When the threat landscape changes.
That third is unusual, and I wanted to share that this morning Shostack + Associates is releasing our first ever threat advisory, because the threat landscape around GPS is changing. https://shostack.org/security-advisory-26-01-gps-security-concerns-require-threat-model-updates