HeadlinesBriefing favicon HeadlinesBriefing.com

Threat Modeling for Developers: Soatok's Practical Guide Beyond Buzzwords

Hacker News •
×

Security researcher Soatok published an informal guide to threat modeling that cuts through industry jargon and buzzword usage. Written after frustrating discussions about post-quantum cryptography and age verification legislation, the piece targets developers who need practical intuition rather than academic formalism.

The author outlines seven essential questions for any threat model: what assets need protection, potential attackers, attack scenarios, prevention measures, asset relationships, underlying assumptions, and deliberately excluded threats. He recommends mapping system components on graph paper and iteratively drilling down into each piece, treating the process like playing Fortnite where focus narrows over time.

Soatok illustrates his approach through his Fediverse key transparency project, showing how assumptions about cryptographic algorithms can create vulnerabilities like the 'Invisible Salamanders' attack. He contrasts this with what he calls a poor threat model example from Matrix, criticizing its vague treatment of denial-of-service threats without concrete mitigation strategies.

Threat models work best as living documents that evolve with systems, not static snapshots filed away for compliance. Clear assumptions and honest acknowledgment of unaddressed risks produce more secure outcomes than pretending perfection is achievable.