Software Engineering, Project Management, and Effectiveness
While trying to create threat model template for customers, I analyzed many threat models inside and outside Microsoft. It was insightful to see the patterns of what was useful across threat models and what was noise.
A good threat model has the following components:
A good threat model serves the following purposes:
By far, the most tangible output of the threat modeling activity is a prioritized list of vulnerabilities. These are action items for your developers and input for your testers. The developer makes a call on whether and how to fix, and the tester will test the fix.
This sample Template for a Web Applications Threat Model comes very close to showing what I've empirically seen to be useful, though there's always a gap between reality and real-time.
Threat Modeling is a way to identify potential security issues to help you shape your application's security
Threat Modeling is a way to identify potential security issues to help you shape your application's
When people ask me my take on model-driven approaches, I think of two ends of the spectrum -- human and