Soatok's Informal Guide to Threat Models
This guide explains what threat models are and why they matter in security. It covers key concepts like assets, adversaries, attack vectors, and risk assessment, using informal examples to help readers think systematically about potential harms and defenses.
Background
- **Threat modeling** is a structured way to think about security risks: what you're protecting, who might attack it, what they could do, and how you'd respond. It's used in software engineering, cryptography, and system design — not just a theoretical exercise but a practical tool for making trade-offs.
- Soatok (the pseudonymous author) is a well-known furry blogger and software engineer who writes about cryptography, security culture, and internet privacy. Their audience is technically literate but often needs context on security fundamentals.
- This guide is informal and jargon-light, aimed at helping newcomers understand why threat modeling matters, how to do it, and common mistakes (like protecting against the wrong adversary or assuming perfect security). It fills a gap because many developers skip this step or rely on vague "best practices."