<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>Threat Model 101</title>
    <link>https://www.threatmodel101.com/</link>
    <description>Recent content on Threat Model 101</description>
    <generator>Hugo -- gohugo.io</generator>
    <language>en</language>
    <lastBuildDate>Thu, 02 Jul 2026 21:20:53 +0100</lastBuildDate>
    <atom:link href="https://www.threatmodel101.com/index.xml" rel="self" type="application/rss+xml" />
    <item>
      <title>Why threat model?</title>
      <link>https://www.threatmodel101.com/posts/why-threat-model/</link>
      <pubDate>Thu, 02 Jul 2026 21:20:53 +0100</pubDate>
      <guid>https://www.threatmodel101.com/posts/why-threat-model/</guid>
      <description>Most attacks or breaches aren&amp;rsquo;t the result of highly complex or technical methods, they&amp;rsquo;re the result of decisions and assumptions nobody has questioned early enough. Accounts with excessive privileges, credentials sitting in plain text in a shared repo, no identity validation for remote workers contacting your service desk, these are a few examples of what an attacker may take advantage of.&#xA;These issues might eventually get flagged through governance reporting, posture management or even a threat detection alert but by then, it&amp;rsquo;s often too far down the line and fixing it gets expensive.</description>
    </item>
  </channel>
</rss>
