Threat models you can fit on one page

Draft writing — full body publishes via the editorial workflow.

A threat model that doesn’t fit on one page is one nobody re-reads. STRIDE is a fine worksheet — it’s a bad artefact. This post is the one-page template we use: surface, assets, attackers, in-scope mitigations, and crucially, the non-goals that justify the omissions.