The Jenga View of Threat Modeling

I’m happy to announce Shostack & Associate’s new, first, corporate white paper!It uses Jenga to explain why threat modeling efforts fail so often.

I’m excited for a lot of reasons. I care about learning from failure. I love games as teaching tools. But really, I’m excited because the paper has helped the people who read early copies.

It’s also exciting because as it turns out, the Jenga metaphor is way bigger than threat modeling. I’m talking about threat modeling because people tell me that’s what they want to hear about, but really, threat modeling requires culture change. It requires organizational work, and thinking about Jenga blocks will help you achieve that.

Only time will tell, but I think this is going to be as important as the ‘experiences’ paper where I broke threat modeling into attacker-centric, asset-centric and technology-centric views. This feels like an equally important step forward.

Because I really want people to read this paper, there’s no registration required. Because I want people to use the ideas, I’m releasing it under a creative commons license.

You can get your copy at

[Added Wednesday: And I joined the Application Security Podcast to talk about the paper, you can watch or listen here.]