Publish Your Threat Models! The benefits far outweigh the dangers
Loren Kohnfelder, Adam Shostack

TL;DR
Publishing threat models openly enhances transparency, security understanding, and trust across the software supply chain; the authors argue these benefits outweigh the potential risks and encourage industry-wide adoption.
Contribution
This paper advocates the open sharing of threat models, providing guidance on redaction, updates, and benefits, and promoting transparency and security across the technology industry.
Findings
Early adopters demonstrate benefits of PTMs
Guidelines for redacting sensitive info in threat models
Community encouragement can normalize PTM sharing
Abstract
Threat modeling has long guided software development work, and we consider how Public Threat Models (PTM) can convey useful security information to others. We list some early adopter precedents, explain the many benefits, address potential objections, and cite regulatory drivers. Internal threat models may not be directly suitable for disclosure, so we provide guidance for redaction and review, as well as when to update models (published or not). In a concluding call to action, we encourage the technology community to openly share their PTMs so the security properties of each component are known up and down the supply chain. Technology providers proud of their security efforts can show their work for competitive advantage, and customers can ask for and evaluate PTMs rather than be told "it's secure" but little more. Many great products already have fine threat models, and turning those…
Taxonomy
Topics: Information and Cyber Security · Spam and Phishing Detection · Web Application Security Vulnerabilities
