The Elevation of Privilege Threat Modeling Game
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
EoP Cards Native files
EoP_Card Game Images.pdf
EoP_Score Card.pdf

The Elevation of Privilege Threat Modeling Game

I created Elevation of Privilege while at Microsoft. I'm creating this repository to have a single location for bugfixes, encourage more derivative work, and all the other goodness that a git repository can bring. At, Microsoft released these under a CC-BY-3.0 license; all these files are maintained under the same license.

Elevation of Privilege (EoP) is the easy way to get started threat modeling. It is designed to make threat modeling easy and accessible for developers and architects. Threat modeling is a core security practice during the design phase of the Microsoft Security Development Lifecycle (SDL). The EoP card game helps examine possible threats to software and computer system. This game is licensed under the Creative Commons Attribution 3.0 United States License. Native files of the game are made available to allow editing, localization, and printing of the game. To view the full content of this license, visit

There are a set of variants which I track on the threat modeling book website, including a German translation, some online versions, an Alexa skill, etc.