• Why Is It So Hard To Build Safe Software?: Stuff to think about in here.
    • Pace of change
    • Number of people involved in practice
    • How much time is given to evaluate systems
    • Number of interacting systems
    • How physically close every system is to every other, compared with the real world (there are no geographic constraints on the internet: everyone is one misconfiguration away from everyone else)
  • An introduction to approachable threat modeling: A personal favourite of mine. This article presents a way of threat modelling a system that is straightforward and doesn't add the kind of overhead that usually causes threat modelling to be skipped.
    • Principals (who has an interest in this system being up)
    • Goals (what do we want the system to be able to do, and within what constraints)
    • Adversities (what could happen that would interfere with our goals)
    • Invariants (what must always hold in the system so that the workloads applied to it can make progress)