As part of our job, we often read articles related to threat modeling. This is an excellent way to stay current with the latest trends and ideas and to discover where cutting-edge tools and techniques are being developed. Well-written articles on threat modeling are much less common than those on other security-related practices, such as secure programming and penetration testing. This, combined with my ongoing quest to uncover the complete history of threat modeling, often leads me to older articles—by old, I mean those published more than five years ago. Lately, I have discovered a few articles and resources that, while perhaps dated, contain a treasure trove of information and ideas still very relevant today.
I am embarking on a journey to discover an important concept or method in each of these earlier articles.
Today, I’m sharing some of these blog posts and resources and will demonstrate how they helped me grasp some concepts that are new to me.
It started with the article “Multiple Perspectives on Technical Problems and Solutions” by John Allspaw. Allspaw emphasizes that complex systems require multidisciplinary approaches and diverse perspectives to fully understand and effectively address issues. This well-known concept in threat modeling gains depth through his focus on dialogue and different forms of engagement, which provided me with ideas on how to refine my threat modeling process. Particularly, the aspect of ‘building confidence in the resilience of the solution’ intrigued me. The goal is clear, but how exactly would one achieve this?
At the beginning of the blog post, John also mentions a philosophy by Dan McKinley. The article “Choose Boring Technology” by Dan McKinley argues that businesses should prioritize using established, reliable, and well-understood technologies over newer, trendier ones. This aligns with my views as well—we are supposed to build resilient systems, not necessarily use the latest cutting-edge development framework unless it serves our goals. McKinley suggests that while it may be exciting to adopt the latest technologies, they often lead to unnecessary complexity, instability, and increased risk. Instead, he advocates for a pragmatic approach that focuses on tools and technologies with a proven track record of stability and support. Complexity and instability are, of course, enemies of a resilient system. Additionally, by choosing boring technology, businesses can minimize risks, reduce costs, and better focus on solving actual problems rather than constantly chasing the latest trends. However, from my personal experience, some very capable programmers and application architects are drawn to using the latest cutting-edge frameworks because it keeps their jobs interesting, and an organization might struggle to attract top talent to work on a system that uses only proven technology.
When I discussed this with our threat modeling group, they posed a very pertinent question: where would our customers find information on how to build such a resilient system? Again, I reached back in history to the excellent book by Ross Anderson, “Security Engineering”. There is a free version of the complete book. Although published in 2008, it is still relevant. In addition to the book, there are also 15 videos that explain several sections of the book.
Why look at a book from 2008? Well, it is still “correct”—the principles to secure products and systems have not changed much. This book covers the foundation and principles of creating a resilient system, and the techniques used have been proven and are time-tested. The resources are also available and accessible to everyone.
I will finish with a bold statement: I believe that by using these older resources, we are perfectly capable of creating a resilient and secure product that complies with the latest regulatory requirements and where the team can build high confidence in their product and its resilience. It is time to recycle these “old” ideas; it is perhaps not always necessary to come up with replacements for these ideas and techniques unless the replacements show an actual improvement.