Threat Modeling and Understanding Inherent Threats - Adam Shostack - ESW #359

This is a great interview with Adam Shostack on all things threat modeling. He's often the first name that pops into people's heads when threat modeling comes up, and has created or been involved with much of the foundational material around the subject. Adam recently released a whitepaper that focuses on and defines inherent threats. Resources: Here's the Inherent Threats Whitepaper Adam's book, Threat Modeling: Designing for Security Adam's latest book, Threats: What Every Engineer Should Learn...

This is a great interview with Adam Shostack on all things threat modeling. He's often the first name that pops into people's heads when threat modeling comes up, and has created or been involved with much of the foundational material around the subject. Adam recently released a whitepaper that focuses on and defines inherent threats.

Resources:

• Here's the Inherent Threats Whitepaper
• Adam's book, Threat Modeling: Designing for Security
• Adam's latest book, Threats: What Every Engineer Should Learn from Star Wars
• We mention the Okta Breach - here's my writeup on it
• We mention the CSRB report on the Microsoft/Storm breach, here's Adam's blog post on it
• And finally, Adam mentions the British Library incident report, which is here, and Adam's blog post is here

Show Notes: https://securityweekly.com/esw-359