Shostack + Friends Blog

20 Years of STRIDE: Looking Back, Looking Forward

Has it been that long already?

"Today, let me contrast two 20-year-old papers on threat modeling. My first paper on this topic, "Breaking Up Is Hard to Do," written with Bruce Schneier, analyzed smart-card security. We talked about categories of threats, threat actors, assets — all the usual stuff for a paper of that era. We took the stance that "we experts have thought hard about these problems, and would like to share our results."

Around the same time, on April 1, 1999, Loren Kohnfelder and Praerit Garg published a paper in Microsoft's internal "Interface" journal called "The Threats to our Products." It was revolutionary, despite not being publicly available for over a decade. What made the Kohnfelder and Garg paper revolutionary is that it was the first to structure the process of how to find threats. It organized attacks into a model (STRIDE), and that model was intended to help people find problems, as noted..."

Read the full version of "20 Years of STRIDE: Looking Back, Looking Forward" on Dark Reading.

Originally published by Adam on 01 Apr 2019
Last updated on 01 Aug 2019
Categories: threat modeling

Our Favorite Content

General threat modeling posts

The Security Principles of Saltzer and Schroeder, illustrated with Star Wars

Subscribe (RSS/Mail)

RSS/ATOM: The ATOM feed is here. We recommend RSS as the best way to follow this blog, and think generally RSS is the best way to take control of the information you take in. You can read our thinking here.

Email: If you’d like a lower volume set of updates on what Adam is doing, Adam’s New Thing gets only a few messages a year, guaranteed. We include a subset of posts in each.