Inspired by @ryanc@infosec.exchange toot and long discussion it triggered. Ryan Castellucci wrote:
Developers should make “abuser stories” a thing.
As a Stalker, I want to track my ex's every move, So that, I can 'coincidentally' run into them at any time.As a Thief, I want to be able to reset passwords using SMS verification, So that, I can compromise any account by bribing a telco employee.
Various terminology is discussed. I like “Abuse Case” better than “abuser story”, indicating an anti-use case to defend against, part of Threat modeling.
Other terminology coined was “Miscreant”, which I like as an alternative to Threat Actor…
Free dictionary: miscreant
(mĭs′krē-ənt)
- One who behaves badly, often by breaking rules of conduct or the law.
The Design Under Pressure page by SimplySecure defines a range of Miscreant “persona non grata”.