Who are we kidding with Attacker-centric threat modeling?

Adam Shostack
1 min readOct 23, 2019

I’ve spoken for over a decade against “think like an attacker” and the trap of starting to threat model with a list of attackers. And for my threat modeling book, I cataloged every serious grouping of attackers that I was able to find. And as I was reading “12 Ingenious iOS Screen Time Hacks,” I realized what they’re all missing: kids.

read the rest at https://adam.shostack.org/blog/2019/10/who-are-we-kidding-with-attacker-centered-threat-modeling/

--

--

Adam Shostack

Generally blogging at adam.shostack.org/blog, but shared posts here before Medium asked me to jump through more and more hoops..