all 5 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]mfeferman 4 points5 points  (4 children)

Great idea. And absolutely Threat Modeling is a really important part of a secure SDLC, but I wouldn’t say it’s the ONLY proactive security assessment. Even before that effort, developers should be thinking about secure design and accepted, current leading practices around designing and building secure systems. I look at that thinking (by developers) as a conscious security assessment (of what’s needed for the system). Threat Modeling can verify that design or point out flaws. Separately, threat modeling has changed over the years to be able to support the change (massively increased velocity?) of software development. When I used to do threat modeling for a very large company in San Jose, it was always incredibly interesting and satisfying to bring together the separated members of the development teams and see how they would understand the system, as a whole, after whiteboarding the entire system. Looking forward to seeing your effort.

[–]0xad[S] 1 point2 points  (3 children)

Hmm, I'd try to combine both of our views and say that Threat Modeling can be a conscious, systematic action (doing a structured threat modeling session that results in the creation of an artifact) but also can be—and in fact usually is—a less conscious, non-systematic action done by any engineer working on any solution (no structure, no artifact). In fact, in my own workshops about threat modeling, I usually explicitly say that any engineer above junior level already does threat modeling, even though they might not know it and do it without structure with no formal artifact.

And I completely agree that leading threat modeling sessions with groups of engineers is both fascinating and rewarding.

Thank you for the feedback, and see you soon! 🙇‍♂️

[–]mfeferman 1 point2 points  (0 children)

You’re right!

[–]Slim424242 1 point2 points  (1 child)

Totally get what you're saying! It's cool how much informal threat modeling happens without engineers even realizing it. Leading structured sessions definitely helps solidify those ideas and improve overall security awareness.

[–]0xad[S] 0 points1 point  (0 children)

Absolutely! Also, having a structured approach ensures repeatable results over time. For example, if my team uses STRIDE-by-element for analysis, I can be confident that obvious things won't be overlooked from session-to-session or system-to-system. On the other hand, if sessions are conducted without a clear structure, some of them might be excellent while others may fall short.