Who Are "We"? Power Centers in Threat Modeling
Adam Shostack
TL;DR
Power dynamics shape who gets to model threats and what counts as a threat. The paper contrasts creator threat modeling with analyst-facing approaches and critiques universal methodologies that ignore non-creators. It proposes Threat Modeling for the rest of us, a simple framework that asks What have they delivered? How will it hurt me? Can I protect myself and should I use it? Through discussions and examples, including IPV contexts and user-facing analysis, it demonstrates how inclusive threat modeling can surface risks often missed by traditional methods and support more accessible, accountable security practice.
Abstract
I examine threat modeling techniques and questions of power dynamics in the systems in which they're used. I compare techniques that can be used by system creators to those used by those who are not involved in creating the system. That second set of analysts might be scientists doing research, consumers comparing products, or those trying to analyze a new system being deployed by a government. Their access to information, skills and choices are different. I examine the impact of those difference on threat modeling methods.