Threat modeling the TRAIL of Bits way

h/t CloudSecList

Threat modeling the TRAIL of Bits way discusses how Trail of Bits threat models. They literally have a process called TRAIL, which stands for Threat and Risk Analysis Informed Lifecycle. They link to a list of published threat models, but not all of these seem to actually be threat models; some are other types of security assessment.

I do like how their approach takes the time to model out the system and capture that model, making updating the threat model in the future easier.
