Threat Modeling of Threat Modeling Refac

I’m working on a refactoring of the :cloud_with_lightning_and_rain::umbrella: Threat Modeling of Threat Modeling #meta. For those of you who don’t know the project: it’s about how to make threat modeling a success and has >100 meta threats + mitigations.

It currently lives as a Notion document.

I want to “own” the data and presentation instead.

That’s why I moved the threat model to a text format of my own, like this:

[...]

PHASE 2️⃣ “What can go wrong?”
  ACTIVITY Discover threats
    CLUSTER Blindness and threat discovery
      THREAT Blind spot
        [...]
      THREAT Blind area
        DESCRIPTION Threat modelers miss a whole class of threats.
        MITIGATION The Threat Modeling Manifesto names patterns, all of which improve threat modeling practices and reduce blindness: “Systematic approach, informed creativity, varied viewpoints, useful toolkit, theory into practice”
            LINK https://www.threatmodelingmanifesto.org/
              DESCRIPTION The Threat Modeling Manifesto
        MITIGATION [...]
        MITIGATION Avoid system representation miss (see above).
        SEE system-rep-miss
      [...]

I’m experimenting with what the best way is to render and present that tree of wisdom. :man_mage: :wink:

Could use some opinions.

Who has some :eyes: for an early review?

Hendrik

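An added example, not part of the original post or the project's own tooling: a small parser for the indented keyword format shown above, plus a check that lists every THREAT with no MITIGATION child. It assumes the keyword set is exactly the one visible in the excerpt and that nesting is given by leading spaces; the sample input is constructed.

```python
# Keywords taken from the excerpt in the post (assumed to be the full set).
KEYWORDS = {"PHASE", "ACTIVITY", "CLUSTER", "THREAT",
            "DESCRIPTION", "MITIGATION", "LINK", "SEE"}

# Constructed sample in the post's format, including its uneven LINK indent.
SAMPLE = """\
PHASE 2 "What can go wrong?"
  ACTIVITY Discover threats
    CLUSTER Blindness and threat discovery
      THREAT Blind spot
        DESCRIPTION Constructed placeholder text.
      THREAT Blind area
        DESCRIPTION Threat modelers miss a whole class of threats.
        MITIGATION Use a systematic approach.
            LINK https://www.threatmodelingmanifesto.org/
              DESCRIPTION The Threat Modeling Manifesto
        SEE system-rep-miss
"""

def parse(text):
    """Build a tree of {kind, text, children} nodes from indented lines."""
    root = {"kind": "ROOT", "text": "", "children": []}
    stack = [(-1, root)]  # (indent width, node); deeper indent means child
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line == "[...]":  # skip blanks and elision markers
            continue
        kind, _, rest = line.partition(" ")
        if kind not in KEYWORDS:
            raise ValueError(f"line {no}: unknown keyword {kind!r}")
        indent = len(raw) - len(raw.lstrip(" "))
        while stack[-1][0] >= indent:  # climb back to the enclosing node
            stack.pop()
        node = {"kind": kind, "text": rest.strip(), "children": []}
        stack[-1][1]["children"].append(node)
        stack.append((indent, node))
    return root

def unmitigated(node, path=()):
    """Return the paths of THREAT nodes that have no MITIGATION child."""
    here = path if node["kind"] == "ROOT" else path + (node["text"],)
    kinds = [c["kind"] for c in node["children"]]
    found = []
    if node["kind"] == "THREAT" and "MITIGATION" not in kinds:
        found.append(" > ".join(here))
    for child in node["children"]:
        found += unmitigated(child, here)
    return found

if __name__ == "__main__":
    for p in unmitigated(parse(SAMPLE)):
        print("no mitigation:", p)
```

Because nesting is decided by comparing indent widths rather than counting fixed steps, the deeper-than-usual LINK line still lands under its MITIGATION.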

I can lend a hand and take a look, just let me know!

This looks very interesting :fire:


Ok cool @PaulSpruce. More in DM! :incoming_envelope:
