[Net-sec-threat-modeling] Threat modelling form

Fotis Loukos fotisl at ssl.com
Sat May 4 23:49:04 MST 2019

Hello everybody,
I have prepared the threat modelling form and you can find it at the
shared folder.

A couple of remarks:
1) The first conceptual question (When to do threat modelling i.e. when
and where?) seems ambiguous and as Mariusz noted, are we sure that it
will provide valuable feedback as is? I didn't include it until we
discuss about it (preferably at the list, we shouldn't wait till our
next call).
2) At the 6th conceptual question (Are you willing to consider making
architectural changes to your infrastructure in order to meet the
requirements that may arise as output from the threat model?) instead of
just Yes and No, I also added Maybe. I think that it's difficult to
commit to making changes if you don't know them exactly.

Please send your feedback and then I will have this circulated.

Best regards,

Fotis Loukos, PhD
Director of Security Architecture
SSL Corp
e: fotisl at ssl.com
w: https://www.ssl.com

More information about the Net-sec-threat-modeling mailing list