[AM2.5: 16] Build and maintain a top N possible attacks list.
The SSG helps the organization understand attack basics by maintaining a living list of important attacks and using it to drive change. This list combines input from multiple sources, such as observed attacks, hacker forums, industry trends, and new technology stacks or deployment methods in use. It does not need to be updated with great frequency, and attacks can be coarsely sorted. For example, the SSG might brainstorm twice per year to create lists of attacks the organization should be prepared to counter “now,” “soon,” and “someday.” In some cases, attack model information is used in a list-based approach to architecture analysis, helping focus the analysis, as in the case of STRIDE. Don’t just build the list; use it.