OWASP / CheatSheetSeries

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
https://cheatsheetseries.owasp.org
Creative Commons Attribution Share Alike 4.0 International

Update: Threat_Modeling_Cheat_Sheet.md #300

Closed aiacobelli2 closed 3 years ago

aiacobelli2 commented 4 years ago

What is missing or needs to be updated?

It would be nice to add the 4 basic questions to the "Define Objectives" section.

How should this be resolved?

Add the 4 basic questions:

What does the system do? Why are we building this? What needs to go right to get that value? How do we ensure that those conditions happen?

ThunderSon commented 4 years ago

This is definitely something to be done. The Threat Modeling CS needs updating, and some threat modelers will be tweaking it. Would you like to join us on Slack? 😄

aiacobelli2 commented 4 years ago

Glad to :D! Are you talking about the OWASP Slack, threat model channel?

swierckx commented 4 years ago

The 'official' questions should be mentioned:

Please note there is a cheat for every one of the four questions in the making ...

jmanico commented 4 years ago

Hey @aiacobelli2, care to work on this one?

mackowski commented 4 years ago

@jmanico the work is in progress here: https://github.com/OWASP/CheatSheetSeries/pull/440/files

mackowski commented 3 years ago

Do we feel that this CS and this PR https://github.com/OWASP/CheatSheetSeries/pull/440 are still needed when we have https://www.threatmodelingmanifesto.org/? From what I see, the spirit of the changes in this cheat sheet is VERY similar to what is already documented in the threat modeling manifesto. We can refactor this cheat sheet to be a list of good resources about threat modeling and to show different approaches (including https://www.threatmodelingmanifesto.org/).