adamshostack/4QuestionFrame

Shostack's 4 Question Frame for Threat Modeling

  1. What are we working on?
  2. What can go wrong?
  3. What are we going to do about it?
  4. Did we do a good job?

These questions are designed to help people build better systems. They work less well for end-users of technology.

The authoritative reference is page 4 of Threat Modeling: Designing for Security (Wiley, 2014). I've evolved the questions since the book was published. The changes include:

  • "We" has replaced "you", to be inclusive and collaborative
  • "are" has replaced "should" in question 3, to be more focused on action
  • The wording has been simplified.
  • I'll regularly ask "did we do a good enough job?" The goal is not to do a good job at threat modeling for its own sake, but to drive improvement to the system being modeled.

Nuances

People will sometimes phrase the first question as "what are we building?" rather than "what are we working on?" The "building" frame draws people towards a waterfall approach, in which threat modeling happens once before construction, with the attendant problems; "working on" also covers systems that already exist and are being changed, operated, or retired.

In the Threat Modeling Manifesto, the team had a preference for adding the word "enough" to the 4th question: did we do a good enough job? I appreciate the lessened pressure but miss the aspiration, and so keep the terse form here.

There's a 60-second video that introduces the questions.

Legalese, citations.

I'm told some lawyers have been concerned about quoting a complete work, and have asserted that using all 23 of these words as a unit pushes at the limits of fair use. If you need a license, please treat the questions as CC-BY. Please call them "Shostack's Four Question Frame for Threat Modeling" or "Shostack's Four Question Framework."

MLA-formatted citation: Shostack, Adam. Threat Modeling: Designing for Security. John Wiley & Sons, 2014.
