Threat Modeling

  • Article

I have been a big supporter of threat modeling since a bunch of us started defining and using the process within Microsoft. It's a very useful way to determine how bad guys will attempt to compromise a piece of software, and define appropriate mitigations.

I am happy to say it's taken on a life of its own with the company, and many of our customers are using the technique as well.

The good folks at MSDN, most notably Brian Johnson, have set up a portal for threat modeling. Take a look @ https://msdn.microsoft.com/security/securecode/threatmodeling/default.aspx