You may have heard of threat modeling as a structured activity for identifying and managing threats. Threat modeling can be applied to a wide range of things, including software, applications, systems, networks, IOTs and business processes. Threat modeling’s motto should be, “The earlier the better, but not too late and never ignore.” Without threat modeling, […]
Q&A: Speaking DevOps and Threat Modeling with the author of Threat Modeling: Designing for Security
If you want to understand how to threat model systems and applications in most any environment you turn to someone who has done so. That’s why we took 30 minutes to speak with Adam Shostack. Adam is responsible for security development lifecycle threat modeling at Microsoft and he is one of the very few threat […]