Security BSides Boston - Is Threat Modeling for Me? - May 9, 2015
Is Threat Modeling for Me?
Threat modeling is a way of thinking about what could go wrong and how to prevent it. Instinctively, we all think this way about our own personal security and safety. Yet many software shops either skip the important step of threat modeling in secure software design or, after creating pretty diagrams, forget the models and go on to do the "real work" of writing software without understanding potential problems. Based on last year's excellent book Threat Modeling: Designing for Security by Adam Shostack, this session introduces threat modeling and creating threat models as a part of secure software design. We will also cover how to track threat models and some strategies for applying risk management in dealing with the threats.