Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://metalhead.club/users/SteveClough/statuses/112164018551180962">Schroedinger (steveclough@metalhead.club)'s status on Wednesday, 27-Mar-2024 06:44:12 JST</a><a href="https://metalhead.club/@SteveClough" title="steveclough@metalhead.club"><img src="https://gnusocial.jp/avatar/133251-48-20230531212954.webp" width="48" height="48" alt="Schroedinger" style="position: absolute; left: 0; top: 0;">Schroedinger</a><div><a href="https://infosec.exchange/@ryanc/112161015479724459" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/174285" title="ryanc@infosec.exchange">Ryan Castellucci :nonbinary_flag:</a></li></ul></div></section><article><p><a href="https://infosec.exchange/@ryanc">@ryanc</a> <a href="https://infosec.exchange/@aris">@aris</a> But if you do threat modelling properly, you do that. You identify the sort of people who might want to gain access.and why.</p><p>I see your point about making them easier to understand, but I worry that they can be too simple. </p><p>Also so often, a threat model identifies areas of threat. The threat actors can and will change. Security dev always needs to be flexible and changeable - in weeks/months, not years.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2865644#notice-5697362">In conversation</a><time datetime="2024-03-27T06:44:12+09:00" title="Wednesday, 27-Mar-2024 06:44:12 JST">about 8 months ago</time> <span>from <span><a href="https://metalhead.club/@SteveClough/112164018551180962" rel="external" title="Sent from metalhead.club via ActivityPub">metalhead.club</a></span></span><a href="https://metalhead.club/@SteveClough/112164018551180962">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Schroedinger (steveclough@metalhead.club)'s status on Wednesday, 27-Mar-2024 06:44:12 JSTSchroedinger
in reply to
- Aris Adamantiadis :verified:💲Paid
- Ryan Castellucci :nonbinary_flag:
@ryanc @aris But if you do threat modelling properly, you do that. You identify the sort of people who might want to gain access.and why.
I see your point about making them easier to understand, but I worry that they can be too simple.
Also so often, a threat model identifies areas of threat. The threat actors can and will change. Security dev always needs to be flexible and changeable - in weeks/months, not years.
In conversationabout 8 months ago from metalhead.clubpermalink

Public

Embed Notice

HTML Code

Corresponding Notice