After the initial release, we got some fantastic replies (see below).
What’s stood out from those feedbacks and many others is:
1) As security professionals, we must dive deep and;
2) It requires a significant mental effort from the reader to commit to understanding a 160-page PDF.
With ControlCatalog, we want to help anyone to take advantage of the data from our ThreatModels, whether you have 5 or 50 minutes. It allows the reader to pivot between threats and controls, see the MITRE ATT&CK®, see the top threats and controls, understand a particular flow, etc.
To get started, visit the ThreatModel of Amazon S3 on ControlCatalog.
Hmmm — looks very interesting and helpful! https://t.co/loKwVwNQnV
— Jeff Barr (@ ) (@jeffbarr) February 18, 2022
Dear god this is
fucking thorough https://t.co/OiDiGEMEZP
Kinnaird McQuade (@kmcquade3) August
S3 threat model
out on vacation! pic.twitter.com/demF11glnO
katnik (@NightmareJS) February
Threat Model for
AWS S3 via @trustoncloud.
S3 is arguably the simplest of over 200 cloud services, each with its
own (similarly complex) threat model.
Jan Schaumann (@jschauma) August
comprehensive (160+ pages!) open source #AWS
S3 threat model document from the team @trustoncloud.
It’s incredible how many attack vectors can exist for just a
Matt Fuller (@matthewdfuller) August