[guardian-dev] Afternoon read, Highlights from Berlin CirTech Conference

Carrie Winfrey cstiens at gmail.com
Wed Oct 16 10:48:40 EDT 2013


Hey guys! Abel that sounds like a good approach. Can we use Google docs to
assemble the material? It seems easier to deal with than a wiki or github.
I can be flexible. I'm just trying to create the lowest-barrier possible
for reading and adding info.

Thanks, C


On Wed, Oct 16, 2013 at 6:36 AM, Abel Luck <abel at guardianproject.info> wrote:

> Ditto.
>
> So let's move this forward.
>
> For number one, I propose we assemble the technical material
> outlining the adversaries, threats, and risks in the traditional
> user-unfriendly jargon in a wiki or a markdown document in github.
>
> Then, together we can work on the "translating" bits.
>
> Does that sound like a good approach?
>
> ~abel
>
> Hans-Christoph Steiner:
> >
> > I'm interested in working on this!  At the first RFA OTF meeting, this was a
> > hot topic, and everyone agreed that we need more resources on this.  But
> > nothing really happened about it.  So let's pick it up and see what we can do...
> >
> > .hc
> >
> > On 10/15/2013 12:01 AM, Carrie Winfrey wrote:
> >> 1) We could jointly develop a UI/UX + Threat Modeling approach,
> >> specifically tailored for mobile threats, and come up with a way to
> >> incorporate that in our design process
> >>
> >> 2) Figure out a way to publish this work in a friendly end-user manner,
> >> so that we can offer users who are interested a quick way to "learn more
> >> about the types of threats, risks this app is meant to handle", etc.
> >>
> >> I'm definitely interested in working on this. Anyone else?
> >>
> >>
> >> On Wed, Oct 9, 2013 at 10:32 PM, Nathan of Guardian <
> >> nathan at guardianproject.info> wrote:
> >>
> >>> On 10/09/2013 09:36 AM, Carrie Winfrey wrote:
> >>>> - The detailed threat model document should be accessible by the users
> >>>> in the documentation of the tool.
> >>>
> >>> The best example where we have done this is the work we did on the
> >>> "InTheClear" app with SaferMobile a few years ago. At launch, we
> >>> released this presentation:
> >>>
> >>> https://docs.google.com/presentation/d/18EjcoV0QJcLu7lkVQQViD-bBoWrsKPLToBbRwrrfP7k/edit#slide=id.i0
> >>>
> >>> On slide 18, is where we get into the threat modeling we did as part of
> >>> the design stage of the app, and also as part of the post-auditing efforts.
> >>>
> >>> This was based on the STRIDE approach, with a few other techniques, that
> >>> you can learn about here:
> >>>
> >>> http://msdn.microsoft.com/en-us/magazine/cc163519.aspx
> >>> http://technet.microsoft.com/en-us/security/dn140238.aspx
> >>>
> >>> It would be great if:
> >>>
> >>> 1) We could jointly develop a UI/UX + Threat Modeling approach,
> >>> specifically tailored for mobile threats, and come up with a way to
> >>> incorporate that in our design process
> >>>
> >>> 2) Figure out a way to publish this work in a friendly end-user manner,
> >>> so that we can offer users who are interested a quick way to "learn more
> >>> about the types of threats, risks this app is meant to handle", etc.
> >>>
> >>> I know there are others on this list who may have more experience and
> >>> input in threat modeling as well, so would love to see more examples,
> >>> links, input on this topic from all.
> >>>
> >>> +n


-- 
Carrie Winfrey, Interaction Designer
carriewinfrey.com <http://www.carriewinfrey.com>  |
@crwinfrey<https://twitter.com/crwinfrey>