Timeline for What is a threat model, and how do I make one?
Current License: CC BY-SA 4.0
16 events
when | what | action | by | license | comment
---|---|---|---|---|---
Jan 30, 2020 at 14:56 | history | suggested | yoozer8 | CC BY-SA 4.0 | Replaced comment reply with link to referenced answer, removed extraneous @
Jan 30, 2020 at 14:46 | review | Suggested edits | | | (suggested edit of Jan 30, 2020 at 14:56)
Jan 30, 2020 at 13:31 | comment | added | T. Sar | | An analogy: "Is this lock secure?" - "It depends. Against who? People without tools just passing by? Sure. People with a crowbar? Not so much."
Jan 30, 2020 at 10:33 | comment | added | JiK | | @ConorMancone I'd say "What resources"? Asking how many or how much sounds wrong to me because it's like asking how many tools you need to build a car. The number or amount is not really interesting.
Jan 29, 2020 at 22:33 | history | edited | Mike Ounsworth | CC BY-SA 4.0 | added 123 characters in body
Jan 29, 2020 at 22:28 | history | edited | Mike Ounsworth | CC BY-SA 4.0 | added 123 characters in body
Jan 29, 2020 at 19:21 | comment | added | Mike Ounsworth | | @ConorMancone Uhh, yeah, the correct answer is "Get out of the fintech industry"
Jan 29, 2020 at 19:05 | comment | added | Conor Mancone | | @MikeOunsworth :) Indeed. Although I've actually seen: "I'm building a payment portal for a fintech startup. How do I secure the payment portal, I'm new to this?". My answer: "hire someone else to do it."
Jan 29, 2020 at 18:56 | comment | added | Mike Ounsworth | | @ConorMancone lol. If you're asking basic questions on StackExchange then maybe you're not qualified to build that web portal for launching nuclear missiles ....
Jan 29, 2020 at 17:25 | comment | added | Conor Mancone | | My classic example is to ask if they are building "an anonymous cutest-cat-picture-voting site" or "a web portal for launching a preemptive nuclear strike". Obviously the security concerns in these two cases are wildly different (and why in the world are you creating a web portal for launching nuclear missiles!!!!)
Jan 29, 2020 at 17:22 | comment | added | Conor Mancone | | Tangent, but: Should it be, "How many resources" or "how much resources"? They both sound wrong to me...
Jan 29, 2020 at 15:50 | history | edited | Mike Ounsworth | CC BY-SA 4.0 | added 182 characters in body
Jan 29, 2020 at 15:43 | comment | added | Mike Ounsworth | | @FilipedosSantos I agree that once you are comfortable with a framework, you can apply it to simpler situations; however, if someone is asking what 2FA method they should use on their gmail account, then IMO teaching them the STRIDE model is overkill; instead I prefer to gently nudge them with the EFF questions.
Jan 29, 2020 at 15:42 | comment | added | Filipe dos Santos | | In order to learn the framework used by my employer, in a workshop they let us use a scenario where we should physically secure a building. Since most concepts are the same, the framework can be easily applied in a "simpler", and even non-technical, scenario.
Jan 29, 2020 at 15:40 | comment | added | Filipe dos Santos | | Excellent points regarding the differences of formal and more informal threat modelling approaches. However, a "formal" framework can also be used for simple scenarios and applications.
Jan 29, 2020 at 15:35 | history | answered | Mike Ounsworth | CC BY-SA 4.0 |