Threat Modeling Manifesto defines the foundation of threat modeling
What precisely is threat modeling? What guides us when we threat model? And how can we effectively and productively threat model?
Today, a working group of prominent threat modeling professionals from around the globe has released a first-of-its-kind Threat Modeling Manifesto to answer these questions. The group identified what they see as key threat modeling characteristics. The Manifesto’s format follows that of the Agile Manifesto by outlining core values and principles.
Kim Wuyts, one of LINDDUN's main designers, is part of the working group that created this Manifesto. She shares some insights here.
Why did you participate in the Manifesto working group?
Threat modeling has been gaining more attention over the past years. In the process, it seems the term has started to live a life of its own. Everyone uses their own definition and therefore the core concepts sometimes get lost. So, I was immediately sold on the idea of joining a group of fellow threat modeling enthusiasts to define this foundation.
At imec-DistriNet, we have been researching into threat modeling at the intersection of security, privacy and data protection for more than a decade. With this background, it was great to be able to share my view on threat modeling as an academic, method designer and privacy advocate.
But most of all, it was just so much fun and so inspiring to collaborate with this awesome group of threat modeling experts.
How did you go about creating the Manifesto?
Over the past months, we had weekly calls to discuss threat modeling do’s and don’ts. And, in addition, countless emails on the topic flew back and forth.
With our diverse backgrounds as industry professionals, academics, authors, hands-on experts, and presenters, we had many inspiring and entertaining conversations to answer questions such as: What is threat modeling? What are the conditions and approaches that lead to the best threat modeling results?
Although our practical approaches to threat modeling may differ, we all agree on these common values and principles that form the foundation for threat modeling practices.
This has really been a wonderful collaboration. It has truly been a team effort where everyone was heard, and every voice was equally important.
Why is this Manifesto so important?
There is no one-size-fits-all threat modeling method, process or tool that will be perfect for everyone. Selecting the method most suited for your needs depends on several factors, including the overall requirements, company culture, personal preferences, and your level of expertise. The basics, however, stay the same, independent of the method or technique of your choice.
These values and principles have been captured in the Threat Modeling Manifesto. It can be used as guide to select and refine the methodology that fits your needs and it can help you become more effective and productive in threat modeling.
The Manifesto is intended for anyone who is concerned about the security, privacy and safety of their software systems. It is a guide for those new to the field, but it is also relevant for more experienced threat modelers, as it can challenge their current practices. In addition, the Manifesto also contains very useful input for researchers as well as method and tool designers. They can build upon this foundation of values and principles.
So, to follow a key threat modeling value: let’s stop talking about threat modeling and start doing it! Go check out the values and principles of the Threat Modeling Manifesto and put them into practice.