by Keith McCammon

less than 1 minute read

In the course of reviewing a number of published threat models, it became apparent that there is not (nor does there need to be) any standard output format, even given the same methodology (e.g., STRIDE).

I’m into spreadsheets. Applying structure to data in a tabular format makes it possible to sort, summarize, use math and statistics to glean insights, and generally makes data more portable. So, I started collecting threat modeling outputs that fit into columns and rows, and I put them in into a Google Sheet.

Threat modeling output templates

alt

For now, the template includes the following output formats:

Shostack, from Table 1-3 Addressing Repudiation Threats in the canonical reference Threat Modeling: Designing for Security. The primary dimensions here are Threat Target, Mitigation Strategy, and Mitigation Technique.

Sysdig, from ECS Fargate threat modeling. This uses Asset, Threat, Security Control, and Mitigation Strategy as outputs.

Riggle, from An introduction to approachable threat modeling. This uses Principles, Goals, Adversaries, and Invariants as the entities in the model.

Threat modeling output templates

Categories:

Updated:

You May Also Enjoy

Improving CISA KEV data integrity

3 minute read

tl;dr - Sometimes CISA removes Known Exploited Vulnerabilities catalog records. It would be awesome if they marked them as withdrawn and/or superseded instead.

When your product becomes a feature

3 minute read

Having spent a few years using, maintaining, and building security products of every conceivable shape and size, it’s become apparent how uniquely risky it is to invest in building cloud[1] security products.