Threat modeling in Industry Standards

  • 30 November 2023
  • 0 replies

Userlevel 3

hi folks! I wanted to share a blog post, C2PA Threat Modeling, and get thoughts on a question: Did they do a good job?

Threat modeling for an industry standard is different than threat modeling for a thing you’re building for internal use, which is different than threat modeling for an API or a platform. One of my key goals in my Threat Modeling Thursday blogs is that no one should ever wince because I’m going all Gordon Ramsey on them. So while I intentionally accentuate the positive, I’m curious: what else can we learn by looking at their work?

0 replies

Be the first to reply!