- <...>
- <...>
- <...>
<...>
- <...>
- <...>
https://www.threatmodelingmanifesto.org/
- A culture of finding and fixing design issues over checkbox compliance.
- People and collaboration over processes, methodologies, and tools.
- A journey of understanding over a security or privacy snapshot.
- Doing threat modeling over talking about it.
- Continuous refinement over a single delivery.
- Leaning in over Always Saying “No”
- Data & Security Science over Fear, Uncertainty and Doubt
- Open Contribution & Collaboration over Security-Only Requirements
- Consumable Security Services with APIs over Mandated Security Controls & Paperwork
- Business Driven Security Scores over Rubber Stamp Security
- Red & Blue Team Exploit Testing over Relying on Scans & Theoretical Vulnerabilities
- 24x7 Proactive Security Monitoring over Reacting after being Informed of an Incident
- Shared Threat Intelligence over Keeping Info to Ourselves
- Compliance Operations over Clipboards & Checklists