Threat Modeling Vocabulary

  • Weakness: software defect (or bug)
  • Vulnerability: software weakness that can be exploited
  • Attack: characterized by 3 different properties
    • Target: something of value
    • Attack Vector: the means used to reach the target
    • Threat Actor: the one carrying out the attack
  • Attack Surface: anything that can be obtained, used or attacked by a threat actor.
  • Risk = Impact \(\times\) Likelihood
    • Impact: the negative outcome of an attack
    • Likelihood: the probability of something happening