Secure Coding mailing list archives
differences between Threat Analysis and Threat Modeling
From: jgrembi at gmail.com (Jason Grembi)
Date: Wed, 14 Feb 2007 16:11:33 -0500
Hi Ken, I am currently researching the differences between Threat Analysis and Threat Modeling. I thought your readers on the mailing list may give me a clearer distinction. How I understand it is that *both* identify security threats, determine risk, and create the right countermeasures by analyzing various types of documentation about the system and looking for vulnerabilities and/or areas of weakness. *Threat Analysis* ? is more *informal* way of 'eyeballing' system architecture and application design. *Threat Modeling* [Microsoft SDL] ? more *formal*, every requirement is modeled and scrutinized. Any additional help you or your readers can provide would be appreciated. Thanks Jason Grembi Web Developer -------------- next part -------------- An HTML attachment was scrubbed... URL: http://krvw.com/pipermail/sc-l/attachments/20070214/c2a37207/attachment.html
Current thread:
- differences between Threat Analysis and Threat Modeling Jason Grembi (Feb 14)
- differences between Threat Analysis and Threat Modeling scott hollatz (Feb 14)
- differences between Threat Analysis and Threat Modeling Benjamin Tomhave (Feb 14)
- differences between Threat Analysis and Threat Modeling Paco Hope (Feb 22)