Who are we kidding with Attacker-centric threat modeling?

I’ve spoken for over a decade against “think like an attacker” and the trap of starting to threat model with a list of attackers. And for my threat modeling book, I cataloged every serious grouping of attackers that I was able to find. And as I was reading “12 Ingenious iOS Screen Time Hacks,” I realized what they’re all missing: kids.

read the rest at https://adam.shostack.org/blog/2019/10/who-are-we-kidding-with-attacker-centered-threat-modeling/