Adam Shostack: Creator of the Elevation of Privilege Game

Adam Shostack is the founder and President of Shostack & Associates. Adam Shostack was part of Microsoft’s Security Development Lifecycle (SDL) Strategy team for several years and was instrumental in overhauling Microsoft’s SDL threat modeling system. Adam Shostack also created Microsoft’s Elevation of Privilege (EOP) threat modeling card game.

What is an Elevation of Privilege?

An elevation of privilege occurs when a user or application gains rights (i.e., privileges) that should not be available to him or her. For example, a system’s user that should have “read-only” permission somehow elevates their system privileges to include “read and write” permissions.

Elevation of Privilege: The Threat Modeling Game is a card game Adam Shostack designed for 3-5 players and works to draw people who are not information security practitioners or experts into the craft of threat modeling. The game uses a variety of techniques to accomplish this and does so in an enticing, supportive, and non-threatening way. You can download the Elevation of Privilege threat modeling card game free from Microsoft.

Explore more via adam shostack (@adamshostack) | Twitter


Author: adamshostack

Adam Shostack is grateful for the opportunity to have served on the Seattle Privacy Coalition Board since 2015.Entrepreneur and technologist Adam Shostack focuses on providing customers with expert security analysis and solutions that work to improve security outcomes for their organizations

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: