DEF CON Forum Site Header Art
DEF CON Forum Site Header Art


No announcement yet.

DEF CON’s Next Top Threat Model

  • Filter
  • Time
  • Show
Clear All
new posts

  • DEF CON’s Next Top Threat Model

    DEF CON’s Next Top Threat Model
    (Formerly Threat Modeling Challenge from DC27)

    Threat Modeling is arguably the single most important activity in an application security program and if performed early can identify a wide range of potential flaws before a single line of code has been written. While being so critically important there is no single correct way to perform Threat Modeling, many techniques, methodologies and/or tools exist.

    As part of our challenge we will present contestants with the exact same design and compare the outputs they produce against a number of categories in order to identify a winner and crown DEF CON’s Next Top Threat Model

    August 6, 2021
    August 7, 2021
    PGP Key:

  • #2
    Registration is now LIVE!!


    • #3
      Form was updated so new registrations will receive an email with all design artifacts.

      Here is our FAQ if you would like more information about the contest.

      Results are due by 6PM PDT on Saturday August 7th.


      • #4
        We had a small QA issue with our form and unfortunately the design artifacts were not included in emails sent to anyone who registered in person at DEF CON. I have emailed everyone from defcon at, I BCC'd everyone so this may be in your spam folder.

        Our SSK developer mistakenly populated DFD Annotation 4 SSK->Inventory MicroService with an incorrect description. The proper description is "SSK calls the inventory microservice to populate the menu. " All other fields for this annotation are correct.


        • #5
          Results submission is open. Please use the google form link below. In order to upload files a Google account login is required. If you are not able to login to Google you may email 'defcon at'


          • #6
            noz Do you have any details on the winning submissions you can post?