Talk:Threat model

Threat modeling manifesto is worth adding
The Threat Modeling Manifesto represents the work of over a dozen people (including myself, author of two leading books on the subject). It's freely licensed and I think worth adding to the page even if it's on the border of promotion. — Preceding unsigned comment added by Emergentchaos (talk • contribs) 18:49, 25 September 2023 (UTC)

threat models differ, relate to security

 * Any security implementation can be "secure" depending on the threat model. That is, a security model is valid if it fully addresses and provides defenses against the types of intrusion attempts that it is expected to thwart. An extremely simplified example (just to demonstrate the "threat model" concept) would be that a security implementation that uses a simple alphabet substitution scramble would be considered relatively secure if the expected threat was a horde of pre-school children, but it would definitely not be considered secure at all if the expected threat was the NSA or a foreign intelligence agency.


 * Determining the expected threat model is not as simple as it would seem. At the very least, one must consider what the expected threat source has at his or her disposal. This can become a very complex analysis because the range of the threat depends on the analysis skills and the computing technology available to the adversary, and that involves a lot of unknowns. Even granting minimal resources, today's minimal resources are capable of quite a lot: much more than is obvious from a cursory examination. Take, for instance, the Google Search Engine. It is composed almost entirely of off-the-shelf hardware, and much of it is not even the latest technology. A single PC is not very capable on its own. A thousand PCs working in parallel are capable of much, much more - and it's not very hard to assemble. Combine that with the potential for internet virus propagation to create a network of potentially tens or hundreds of thousands of PCs working in parallel, and the "expected threat model" just grew exponentially while remaining within the bounds of the original "PC Computer Technology" expected threat level. Determining threat level is the subject of much learning and debate, and is beyond the scope of a simple article.

Moved from disk encryption GBL 15:12, 26 November 2006 (UTC)

Confusion of threat model with attack model
The "two distinct, but related meanings" for threat model in the current article seem very ill-defined to me. The confusion I've seen most often is Microsoft's use of "threat" to mean what many others mean by "attack". See e.g. http://taosecurity.blogspot.com/2007/06/threat-model-vs-attack-model.html I'd love to see some more references on that confusion, and perhaps somehow achieve more clarity here in Wikipedia. See also http://alt.pluralsight.com/wiki/default.aspx/Keith.GuideBook/WhatIsThreatModeling.html ★NealMcB★ (talk) 23:19, 25 January 2011 (UTC)

Single vendor approaches
I believe that this page is getting worked over by commercial interests, who are citing only their own pages. https://en.wikipedia.org/wiki/Wikipedia:Identifying_reliable_sources#Vendor_and_e-commerce_sources is relevant, especially, "the content guidelines for external links prohibits linking to "Individual web pages that primarily exist to sell products or services,"  — Preceding unsigned comment added by Emergentchaos (talk • contribs) 14:09, 23 August 2018 (UTC)
 * I believe this is a thinly veiled accusation that I have commercial interests in the company. The company that I linked to does threat modelling software, so a linkage is fine. Note that I left it in the See also section and did not thread it into the page like a subtle advertisement. The wiki guideline you cited is for external links to websites, not for internal wiki links. To be specific, the guideline is WP:ELNO. "Except for a link to an official page of the article's subject, one should generally avoid providing external links to: Individual web pages that primarily exist to sell products or services, or to web pages with objectionable amounts of advertising." The wiki link I added is not 1) an individual web page (it is a wiki page), or 2) a page that primarily exists to sell products or services (it is a wiki page and not selling anything). A quick look at my past edits and the edit summaries will easily indicate I am working on WP:ORPHAN. As such, I will leave both pages alone and for other wiki editors to de-orphan said company wiki page. Also, if a single vendor is a problem, you can add other vendors in as well... if they have a wiki page as well and no external links, as that would be advertising. --Xaiver0510 (talk) 01:18, 24 August 2018 (UTC)
 * The link you provided fits criterion #2. I think the page as a whole suffers, and your link addition was an odd choice. If you want to take it personally, that's a choice you can make. — Preceding unsigned comment added by Emergentchaos (talk • contribs) 14:09, 23 August 2018 (UTC)
 * I repeat "primarily exist to sell products or services (it is a wiki page and not selling anything)." I'd love to see how criterion #2 fits. I added a wiki link and not an external website. The company's wiki page serves to show information about the company. Whether it passes WP:GNG or WP:NCORP is another issue; even if it fails and gets deleted, the redlink will be dealt with. Why I feel it is personal: there are 4 other commercial software products listed on the page and you let them stay. It is inconsistent behaviour; you comment that advertising is creeping in, but you let 4 entries with external links to their own websites stay. Adding another commercial software product does not make it odd, but I admit I added it in the wrong section, which is an editing fault that should be fixed and not reverted. If I added it into Threat_model, will you agree it is correct? --Xaiver0510 (talk) 02:00, 26 August 2018 (UTC)
 * To further highlight your contradicting point, please see the section Threat_model. Listed there are 5 threat modelling tools; only 1 is free (from Microsoft) while the other 4 are non-free commercial software. To revert a single link to another non-free commercial software product actually makes you look suspicious under WP:COI, in that you might have an interest in one of the 5 tools. Based on edit history, you do have a COI. --Xaiver0510 (talk) 01:50, 24 August 2018 (UTC)
 * If you'd like to assert that I have a COI please explain what you think it is. — Preceding unsigned comment added by Emergentchaos (talk • contribs) 14:09, 23 August 2018 (UTC)
 * You stated your former employer here Talk:STRIDE_(security), your own personal website (your edit summary at ), and to quote your personal website: "While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3". With the subsection Threat_model, and I quote, "Microsoft’s free threat modeling tool – the Threat Modeling Tool (formerly SDL Threat Modeling Tool).", you have a direct COI. I'd like to leave it at this. --Xaiver0510 (talk) 02:00, 26 August 2018 (UTC)

What criteria should we apply for methodologies, tools?
Someone just added OVVL, which is, as I understand it, a one-person open source tool that's not in broad use. Similarly, the page lists TRIKE, which I don't think spread much beyond use at Intel, and VAST, which is a method mainly supported by the company Threat Modeler. I bring these up to ask, what should we be doing with this page? Should it be comprehensive/exhaustive, or should there be criteria for what it lists? — Preceding unsigned comment added by Emergentchaos (talk • contribs) 13:59, 16 January 2020 (UTC)