http://blogs.msdn.com/akshay_aggarwal/archive/2008/06/11/application-security-development-lifecycle-5a-is-threat-modeling-right-for-you.aspxSeveral enterprises are increasingly investing time and money in building application security tasks into their existing SDLCs. Some of them have also reached the conclusion that proactive approaches , like threat modeling, have more ROI than reactiveen-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.msdn.com/akshay_aggarwal/archive/2008/06/11/application-security-development-lifecycle-5a-is-threat-modeling-right-for-you.aspx#8593443Thu, 12 Jun 2008 20:32:40 GMT91d46819-8472-40ad-a661-2c78acb4018c:8593443SME<p>Excellent post once again. Webappsec programs are in different stages of maturity in different orgs. It's important to introduce the right thing (scanning, static code review,...) at the right time for best ROI. &nbsp;This article makes a good case for when to introduce threat modeling.</p>http://blogs.msdn.com/akshay_aggarwal/archive/2008/06/11/application-security-development-lifecycle-5a-is-threat-modeling-right-for-you.aspx#8619884Thu, 19 Jun 2008 05:37:25 GMT91d46819-8472-40ad-a661-2c78acb4018c:8619884Microsoft Application Threat Modeling Blog<p>Great post by my friend and colleague around threat modeling in a series he's doing on application security</p> http://blogs.msdn.com/akshay_aggarwal/archive/2008/06/11/application-security-development-lifecycle-5a-is-threat-modeling-right-for-you.aspx#8625084Fri, 20 Jun 2008 11:55:43 GMT91d46819-8472-40ad-a661-2c78acb4018c:8625084TrackBackhttp://blogs.msdn.com/akshay_aggarwal/archive/2008/06/11/application-security-development-lifecycle-5a-is-threat-modeling-right-for-you.aspx#8792841Thu, 31 Jul 2008 05:51:56 GMT91d46819-8472-40ad-a661-2c78acb4018c:8792841Microsoft Ireland Blog<p>a {color : #0033CC;} a:link {color: #0033CC;} a:visited.local {color: #0033CC;} a:visited {color : #800080;}</p> http://blogs.msdn.com/akshay_aggarwal/archive/2008/06/11/application-security-development-lifecycle-5a-is-threat-modeling-right-for-you.aspx#8852537Tue, 12 Aug 2008 20:33:07 GMT91d46819-8472-40ad-a661-2c78acb4018c:8852537Georgeo Pulikkathara's Microsoft Blog<p>&amp;#160; Be sure to check out Talhah Mir's blog on threat modeling. <a rel="nofollow" target="_new" href="http://blogs.msdn.com/threatmodeling/">http://blogs.msdn.com/threatmodeling/</a></p> http://blogs.msdn.com/akshay_aggarwal/archive/2008/06/11/application-security-development-lifecycle-5a-is-threat-modeling-right-for-you.aspx#9464764Sun, 08 Mar 2009 06:58:02 GMT91d46819-8472-40ad-a661-2c78acb4018c:9464764Philip.Agcaoili<P>Hey Akshay.</P> <P>What's interesting for us is where Threat Modeling worked and did not work. &nbsp;</P> <P>We struggled to show success and ROSI for IT engagements, only obtaining 1-2 serious architectural and/or approach flaws using Threat Modeling. The environment is much more stable and there are more knowns, so TM seemed too trivial for some of our IT dev teams.</P> <P>For our Product development and Software as a Service offerings (SaaS or Cloud Computing), Threat Modeling is at the core of what we do to ensure sound architecture and fundamentals to each of these areas.</P> <P>Glad to see the tool is updated as well. We have been plodding along using Word/Visio templates for our Threat Models and hoping the tool works better for us this go around.</P> <P>Thanks,</P> <P>Phil Agcaoili</P>