
Soatok's Informal Guide to Threat Models


After a long day of exhausting conversations about Hybrid Post-Quantum Cryptography, random jackasses trying to play gotcha with endpoint attacks against end-to-end encrypted messaging apps, and message board discussions in the wake of dumb politicians pushing more “age verification” bullshit on us all, it’s become abundantly clear to me that the phrase “threat model” is a foreign concept to most people.

Except, y’know, as a buzzword.

Art by Embyr.

For context, this was commissioned during the era of anti-vaccine losers claiming to “do their own research” briefly co-opting the word “threat model” as a buzzword.

I just still find it kind of funny even without this context.

To be up front: If you’re here looking for an academic resource with over 100 citations on how to write a formal threat model document for your new startup which involves multiple blockchains, this probably isn’t the gay furry blog for you. Maybe start with STRIDE and system theory. But if you’re looking to build an intuition for what questions a good threat model should answer, and you’re starting from zero, you’re probably in the right place.

So let’s talk about threat modeling.

Threat Modeling For Neophytes
