From b67d6e09612f5ab6e65cbb8eaf748a9ffae90fd7 Mon Sep 17 00:00:00 2001
From: Andreas Happe <andreashappe@snikt.net>
Date: Wed, 11 Sep 2024 08:14:57 +0200
Subject: [PATCH] add some threat modeling links

---
 docs/the-top-10/c4-secure-architecture.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/docs/the-top-10/c4-secure-architecture.md b/docs/the-top-10/c4-secure-architecture.md
index 076b4ef..8ada6ec 100644
--- a/docs/the-top-10/c4-secure-architecture.md
+++ b/docs/the-top-10/c4-secure-architecture.md
@@ -69,7 +69,7 @@ For a solution to be considered a pattern, it must have these characteristics:
 - First, a secure architecture pattern must solve a security problem.
 - Second, a secure architecture pattern must not be tied to a specific vendor or technology.
 - Third, a secure architecture pattern must demonstrate how it mitigates threats.
-- Fourth, a secure architecture pattern must use standardized terms for threats and controls for easy reuse.<sup>[^footnote-1]</sup>
+- Fourth, a [secure architecture pattern](https://securitypatterns.io/what-is-a-security-pattern/) must use standardized terms for threats and controls for easy reuse.
 
 An architecture pattern is a way to solve a problem using a standard solution versus creating a custom solution. A secure architecture pattern is a standard solution that has been reviewed and hardened against known security threats.
 
@@ -94,6 +94,6 @@ Implementation:
 
 ## Tools
 
-- maybe add some threat modeling tools here?
-
-[^footnote-1]: <https://securitypatterns.io/what-is-a-security-pattern/>
+- [OWASP Threat Dragon](https://owasp.org/www-project-threat-dragon/)
+- [Amazon AWS Threat-Composer](https://github.com/awslabs/threat-composer)
+- [StrideGPT](https://github.com/mrwadams/stride-gpt)