Revised Threat Modeling

During the last three years I have been working with clients and speaking at industry Security events on threat modeling.  Threat Modeling was introduced at Microsoft during the development of Windows Server 2003 as a major component to the Microsoft Security Lifecycle for application development.  Over the last few years we have made some significant changes to improve the process based upon the experiences within Microsoft and those of our clients.

Recently, I presented the revised threat modeling process at the West Coast Security Forum on November 14th, 2005 in Vancouver, BC. 

You can find a description of the revised threat modeling process and the presentation on Dana Epp's Weblog, another developer with a passion for Security.