The Four Question Framework with Adam Shostack - Listen - The

The Four Question Framework with Adam Shostack

Listen now

Description

In this episode, we discuss the four-question framework for threat modeling with its creator, Adam Shostack. We dive deep into the meaning and purpose of each question and how they simplify the threat modeling process. The four questions are: 1) What are we working on? 2) What can go wrong? 3) What are we going to do about it? 4) Did we do a good job? Adam explains that these questions are not a methodology but a foundation for a more practical approach to threat modeling. We also discuss the importance of retrospectives, evolving the framework, and how it can be applied in various situations. Lean into the four questions, and you might become a threat modeling Jedi.

More Episodes

See all »

Gavin Klondike -- Threat modeling for large language model applications

In this episode of the Threat Modeling Podcast, host Chris Romeo takes listeners on a journey through the intricate world of threat modeling. Joined by senior security consultant Gavin Klondike, the episode delves into Gavin's experiences and insights into threat modeling, particularly in the...

Published 08/02/24

Nandita Rao Narla -- Privacy Threat Modeling Wins, Losses, and Tools

In this podcast episode, Nandita Rao Narla explores the reasons why privacy threat modeling programs often fail, such as being expensive with a lot of friction in the development lifecycle, misalignment with organizational strategies focused on compliance rather than risk, and difficulty...

Published 05/15/24

The Threat Modeling Podcast

Published 05/15/24