This is a cache of http://blogs.msdn.com/sdl/archive/2008/06/17/sdl-threat-modeling-past-present-and-future.aspx. The cache is a snapshot of the article taken when we indexed the feed.
SDL Threat Modeling: Past, Present and Future
2008-06-17 21:59:50 by sdl in The Security Development Lifecycle
 

Adam Shostack here.

I wanted to share my slides from the recent Layer One conference [link], where I talked about "SDL Threat Modeling: Past, Present and Future."

There are a few points that I wanted to emphasize. The first is that I'm talking about threat modeling from the perspective of the SDL. We have other threat modeling processes here at Microsoft, and we're working to bring you more clarity in how we speak about them. For my part, I'll try to clearly say "SDL threat modeling," or be explicit when I'm talking about threat modeling in broad terms.

Which brings me to my second point, and a slide I wanted to emphasize. (Shown here)

[Image: slide from the presentation]

I no longer think of threat modeling as one thing. I see it as a label for a set of ways to address the question of "what could go wrong" with a design or set of requirements. The SDL has one process. The folks in ACE and Patterns and Practices each have another. All are customized to meet various needs. Much like we have lots of programming languages which address different problems, we're going to have lots of threat modeling processes.

Anyway, I hope you enjoy the slides.

 
 
 
 
 
 