… Or Maybe They’ll Just Threat Model Themselves To Death

Window Snyder, co-author of Threat Modeling, joins Mozilla to “lead the company’s efforts to protect its range of desktop applications from malicious hacker attacks.”

I know engineers like to be industrious and create new things, but seriously: why aren’t “the threat model document” and “the system being modeled” the same creation? Can’t a system be self-describing enough such that an inspecting system can determine entry points, assets, dataflows, etc.?

I found threat modeling to be a valuable thinking exercise that generates awkward, inaccurate, and incomplete documentation. Maybe it’s more the journey than the destination that’s important.

September 6, 2006