2 Comments on "55 5 ⭐ Reviews?"

  1. Hi Adam,

    I feel like a classic approach to threat modeling starts with threat actors. For instance, on a web service I work on, one threat actor is a customer administrator of one of our application tenancies, who goes bad and decides to harm his employer. While at the bottom of the list of actors is the financially motivated hacker, the politically motivated hacker, and the basement dwelling script kiddie whose only motivation is to follow curiosity or to show off.

    All of these threat actors bring completely different threats to the table.

    Why is it then, that your four-question approach omits the question, “who”?

    If you wish to, please feel free to delete this comment and reply by email. Thanks.

Comments are closed.