Elevation of Privilege: Drawing Developers into Threat Modeling

Adam Shostack here. In the holiday spirit I wanted to share an academic-style paper on the Elevation of Privilege Threat Modeling card game (EoP_Whitepaper.pdf). The paper describes the motivation, experience and lessons learned in creating the game.

As we’ve shared the game at conferences, we’ve seen their eyes light up at the idea of a game. We think of this as enticement, which is a great compliment to the many other reasons to get involved in secure development.  As someone once said, a spoonful of sugar helps the medicine go down.

We think of Elevation of Privilege as an important demonstration that enticing people into secure development lifecycle is possible. We certainly don’t think that it’s the only game that’s possible, and so hope that sharing our experiences will help you understand the game, how to use it, and how to build on it, maybe making a game of your own to help you with challenges you face bringing secure
development to your organization.

Download all of the Elevation of Privilege content here: http://www.microsoft.com/en-us/download/details.aspx?id=20303


About the Author
SDL Team

Trustworthy Computing, Microsoft

Join the conversation

  1. Anonymous


    The EoP Cards+Box_Native files.zip download link does not work…



  2. Anonymous

    I agree the download link is broken. Any fix on this?

  3. Anonymous

    Manacle Technologies has a skilled team to develop BlackBerry applications. It has been recognized as one of the pioneer blackberry applications development company in Ahmadabad, catering to a strong client base across US, Canada, EU, Middle East, UK and India.

  4. Anonymous

    Just wanted to let people know that the download link is fixed. (and has been for a while.)

Comments are closed.