Threat Modeling: Brainstorm threats


Martin Fowler

How to simplify a complex problem

What are the security requirements for the software you are building? Finding a good answer is surprisingly complex. You want to prevent cyber losses over the lifetime of the system. But what are the concrete stories, acceptance criteria and technical scope that deliver that outcome? That is the puzzle addressed in this guide.

Somewhat unhelpfully, cyber specialists will often ask: ‘What is your threat model?’ This answer is non-specific and leaves the questioner no better off, much like turning around and saying ‘it depends’. Worse, ‘threat model’ is obscure technical jargon for most people, adding unnecessary mystique. And if you research the topic of threat modelling, the information can be overwhelming and hard to act on. There is no agreed standard for what a ‘threat model’ should contain.

So what are threat models and what is threat modelling? The core of the concept is very simple. It is
