I have recently been looking at threat modelling. Have you ever been in a situation where the project manager says "is this solution secure"? More often than not people are scrambling after the event to plug the holes in the application that might make the ship sink. A more proactive approach would be to model threats and talk about solutions from a defensive point of view - ideally at functional specification.

Using the Microsoft Threat Analysis and Modelling Tool v2.0 you can start to define an application in terms of a richer taxonomy (I'm getting into the lingo).

Threat types:

  • Integrity
  • Availability
  • Confidentiality

Specific threats can reveal vulnerabilities, each of which has countermeasures, and each countermeasure can be given a response.

Responses types:

  • Accept
  • Avoid
  • Reduce
  • Transfer
  • None (!)

...and the results, suggested countermeasures, customization and reports that this application produces are excellent and will "spock" most in your development team.
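To make the taxonomy concrete, here is a small model of the same threat → vulnerability → countermeasure → response chain, with the check a reviewer most wants from it: which threats are still open because nothing but "None" has been recorded against them. This is an added example, not part of the original post and not code from the Microsoft tool; the threat and response categories are the ones listed above, and the four sample threats are constructed for illustration.

```python
"""Minimal threat-model record with an open-threat check.

Added example: the categories follow the post's taxonomy, the sample
threats below are constructed, not taken from any real application.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from enum import Enum


class ThreatType(Enum):
    INTEGRITY = "Integrity"
    AVAILABILITY = "Availability"
    CONFIDENTIALITY = "Confidentiality"


class Response(Enum):
    ACCEPT = "Accept"
    AVOID = "Avoid"
    REDUCE = "Reduce"
    TRANSFER = "Transfer"
    NONE = "None"  # the "(!)" case: nothing decided yet


@dataclass
class Countermeasure:
    description: str
    response: Response


@dataclass
class Vulnerability:
    description: str
    countermeasures: list[Countermeasure] = field(default_factory=list)


@dataclass
class Threat:
    name: str
    threat_type: ThreatType
    vulnerabilities: list[Vulnerability] = field(default_factory=list)


def is_open(threat: Threat) -> bool:
    """True when no countermeasure carries a real response.

    No vulnerabilities, no countermeasures, or every countermeasure left at
    Response.NONE all count as open. Accept is a recorded decision and so
    closes the threat even though nothing in the design changes.
    """
    return not any(
        cm.response is not Response.NONE
        for vuln in threat.vulnerabilities
        for cm in vuln.countermeasures
    )


def open_threats(threats: list[Threat]) -> list[str]:
    """Names of threats that still need a decision, in model order."""
    return [t.name for t in threats if is_open(t)]


def coverage_by_type(threats: list[Threat]) -> dict[str, tuple[int, int]]:
    """Map each threat type to (total, open) counts, in taxonomy order."""
    summary = {}
    for ttype in ThreatType:
        of_type = [t for t in threats if t.threat_type is ttype]
        summary[ttype.value] = (len(of_type), sum(is_open(t) for t in of_type))
    return summary


def sample_model() -> list[Threat]:
    """Constructed sample: two addressed threats, two still open."""
    return [
        Threat("Order totals tampered with in transit", ThreatType.INTEGRITY, [
            Vulnerability("Client submits computed totals", [
                Countermeasure("Recompute totals server-side", Response.REDUCE),
            ]),
        ]),
        Threat("Login endpoint flooded", ThreatType.AVAILABILITY, [
            Vulnerability("No request throttling", [
                Countermeasure("Throttle per client", Response.NONE),  # deferred
            ]),
        ]),
        Threat("Database password read from config", ThreatType.CONFIDENTIALITY, [
            Vulnerability("Config file world-readable", [
                Countermeasure("Tighten file permissions", Response.REDUCE),
                Countermeasure("Move secret to protected store", Response.REDUCE),
            ]),
        ]),
        Threat("Offsite backups readable if lost", ThreatType.CONFIDENTIALITY, [
            Vulnerability("Backups not encrypted"),  # no countermeasure recorded
        ]),
    ]


if __name__ == "__main__":
    model = sample_model()
    for name in open_threats(model):
        print("OPEN:", name)
    for ttype, (total, open_count) in coverage_by_type(model).items():
        print(f"{ttype}: {total} threats, {open_count} open")
```

The useful output is the list of open threats: those are the items to raise at the functional specification review, before the design is fixed. Accept is deliberately treated as closing a threat because a recorded decision to live with a risk is different from never having looked at it.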

It will take a lot of time to set up, but the benefits could well outweigh any problems down the track.

Links

PAG: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/tmwa.asp

ACE: http://msdn.microsoft.com/security/securecode/threatmodeling/acetm/

ACE Blog: http://blogs.msdn.com/threatmodeling