Threat Modeling

I have been a big supporter of threat modeling since a bunch of us started defining and using the process within Microsoft. It’s a very useful way to determine how bad guys will attempt to compromise a piece of software, and define appropriate mitigations.

I am happy to say it’s taken on a life of its own with the company, and many of our customers are using the technique as well.

The good folks at MSDN, most notably Brian Johnson, have set up a portal for threat modeling. Take a look @

Comments (1)

  1. E-Bitz - SBS MVP the Official Blog of the SBS says: