| Track: | Threat Model |
|---|---|
| When: | Tue AM-1 |
| Where: | Kings |
| Organizers | Steven Wierckx Steven Wierckx |
| Participants | Adam Shostack Adam Shostack , Andrew Johnstone Andrew Johnstone , Aurelijus Stanislovaitis Aurelijus Stanislovaitis , Chris Allen Chris Allen , Claudio Camerino Claudio Camerino , David Cervigni David Cervigni , Fabien Thalgott Fabien Thalgott , Gabor Pek Gabor Pek , Luis Saiz Luis Saiz , Matt Pendlebury Matt Pendlebury , Peter Turczak Peter Turczak , Ruben Tronçon Ruben Tronçon , Sotiraki Sima Sotiraki Sima , Stuart Winter-Tear Stuart Winter-Tear , Tash Norris Tash Norris |
| Remote Participants | Abhi Raj Abhi Raj , Andrew Martin Andrew Martin , Lubo Vikev Lubo Vikev , Vinod Anandan Vinod Anandan |
WHY
We need to have 3 more cheat sheets for the missing TM steps.
What
Create a cheat sheet of maximum 5 points, each one starting with “do” or “don’t”
Outcomes
3 cheat sheets
References
The one cheat sheet already created:
Cheat sheets: What are we building?
DO: scope to what is under your control.
DO: Understand the context your system will live in. This includes but is not limited to the environment, security controls, …
DO: If you are stuck, either look at the entry and exit points OR let the Subject Matter Expert (SME) tell a story to get back on track.
DON’T: Go beyond/deeper than design level.
DON’T: Threat threat modeling like a kitchen sink, don’t try to put everything in.
Register as participant
To register as participant add Threat model cheat sheets to either:
- the
sessionsmetadata field from your participant's page (find your participant page and look for the edit link). - or the
participantsmetadata field from this git session page
Back to list of all Working Sessions