Showing posts from August, 2019

STRIDE (enhanced)

Everything can be improved. Here's Geoff's proposal for improving the STRIDE taxonomy; he granted me permission to publish it. In his words:

The STRIDE mnemonic was created to simplify the ability for non-security members to identify areas where software teams commonly made security mistakes. It covers 6 unique security weakness points. The mnemonic is enhanced by integrating it with the Security Frame, a framework that highlights the 10 most common security patterns that get improperly designed and implemented.

The enhanced STRIDE is here:

· Spoofing (Authentication)
    · attempting to gain access to a system by using a false identity
    · cause - poor authentication of entities
· Spoofing (Session handling)
    · attempting to gain access to a system by using a false identity
    · cause - poor management of session tokens (key length, key lifetime, key storage)
· Tampering (Validation)
    · unauthorized modification