Microsoft Application Threat Modeling Blog

Over the past years that I’ve been involved with threat modeling in the ACE Team, one of things I learnt is the fact that the term “threat modeling” is an overloaded term. Some methodologies claim to be “threat modeling” methodologies while they are more...

So far we’ve written generally about what Microsoft Threat Analysis & Modeling is, but lets get down to some specifics. Threat modeling at Microsoft is a process that is integral to the development lifecycle. Ideally a threat model should be developed...

Welcome to the Microsoft Application Threat Modeling blog! Here you will be able to learn about the threat modeling process, how it works and how it has helped business owners within Microsoft and other organizations understand the risks inherit in their...

One of the key components of our threat modeling methodology is the Attack Library with which what we're trying to do is, with absolute minimal information, convey the relationship between the exploit, the cause and the fix. Furthermore, in order to make...

If you will be attending RSA 2006, we invite you to attend the session: Understanding the Risk: Threat Modeling for the Enterprise which will be presented by Akshay Aggarwal , a colleague of mine that also works on the ACE Team. The session is on February...