Microsoft's Larry Osterman On Threat Modeling

Schneier has pointed out an excellent series of blog posts about threat modeling by Microsoft's Larry Osterman. The series focuses on the PlaySound API as an example. "As you go about filling in the threat model threat list, it's important to consider the consequences of entering threats and mitigations. While it can be easy to find threats, it is important to realize that all threats have real-world consequences for the development team. At the end of the day, this process is about ensuring that our customer's machines aren't compromised. When we're deciding which threats need mitigation, we concentrate our efforts on those where the attacker can cause real damage."

That's got to be a hell of a job

[Skyshadow]

Try to imagine this guy's work day: He gets to wake up in the morning, hug his kids and then go into work and spend all day trying to figure out the right combination of security defaults that will (a) let people go out and do stuff while (b) protecting them from their own "I'm a average Windows user" level of abject stupidity.

Put another way, imagine that instead of just setting up a computer for your parents, you had to set one up for *everybody's* parents. All at once.

As much as it's fun to give MS shit for their products, I think I'd last about two hours in that position before I went into the executive washroom and slashed my wrists.