> Or you might document and analyze your threat model first, before protecting against those threats.
Of course, anyone would be able to document all threat models :)
You know this can never be the case - hackers who are good at breaking things STILL are able to do so. The point is to restrict the extent of their reach (think defense-in-depth).
In other words, threat modelling is nice to do to reduce the attack vectors, but defense in depth should be important then too.