Threat Models collection

  • 29 March 2023
  • 6 replies
  • 208 views

Is there a place( github repo, notion etc)where  can see a collection of threat models from various companies/individuals?

If not ,can we create a dedicated space on this forum where people can share their threat models keeping the privacy of their organisations intact.?


6 replies

Userlevel 4
Badge +1

Hey @hacxys , check out hysnsec/awesome-threat-modelling: A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review. (github.com). It has a wealth of reference including a TM Example section. It’s one of my trusted sources.

I am aware of this but it is not an exhaustive resource where companies have shared their threat models

Userlevel 4
Badge +1

Companies tend to rarely share their Threat Models, it is rather considered an internal document for application security and risk management. Though, there is a project as part of the LinuxFoundation Core Infrastructure Initiative to have Threat Models released for Open Source projects. You may check here whether there might be some of interest for you: https://bestpractices.coreinfrastructure.org/de.

Hey @hacxys, give it a try here: https://github.com/TalEliyahu/Threat_Model_Examples

Userlevel 6

Thanks for the suggestion, @hacxys! Thank you @Michael Bernhardt and @jesperon for sharing the resources that have been helpful for you 😊

As @Michael Bernhardt, there are some challenges that we need to overcome to create a secure space for sharing real world threat models within this forum. That said, we do see the value of having more examples shared and showcased in this community - something we’ll work on and hopefully can address later this year!

Userlevel 2
Badge

I'd love to see tons of threat models shared in this community. In the meantime also check out this OWASP project https://owasp.org/www-project-threat-model-cookbook/

Reply


V2