Published: 11 April 2022
Summary
As security and risk management development teams create security approaches, threat modeling (TM) should be viewed as an effective, long-term improvement tool. However, we regularly receive questions and confront misunderstandings about TM best practices and benefits, so here we address five.
Overview
Key Findings
Threat modeling is critical to many security-by-design programs, because it helps security and development teams enumerate likely threat vectors and establish effective mitigations.
TM is a time-intensive exercise, especially when creating new models from scratch.
Differential threat models, which involve changing existing TM practices based on design or mitigation changes, are faster, less intensive ways to gain scale; however, they require work at the start.
All developers need access to the tools and knowledge base for TM to be effective, although only a subset will be modeling new architectures.
Although accurate TM can be performed with a whiteboard and marker, it’s a lot
Analysts:
Software Engineering Research Team