Threat Modeling Naturally Tool

h/t to Shostack + Friends Blog

From the USENIX Symposium on Usable Privacy and Security (SOUPS) a paper and a tool) for the Threat Modeling Naturally Tool (TMNT).

I like the idea of having a modular system to support different approaches to TMing, allowing people to have preferences or perhaps choose according to the situation. Not clear to me it’s very mature yet, so might be something to keep an eye on.

Also unclear if their acronym is a nod to the Teenage Mutant Ninja Turtles, but that’s what I read whenever I see TMNT. I really hope it is.