Secure Coding mailing list archives
[WEB SECURITY] Are people using Threat modeling?
From: lists at ticm.com (Bret Watson)
Date: Thu, 13 May 2010 20:56:33 +0800
Sounds like my toolset... I've got some questionaires for them to do beforehand - basically education for the architects- they learn that if it doesn't come out yes all the way down it will be better if it was fixed first
. We've also put together a nice business process to show the heads (ie the ones that pay in this case) that it would be much cheaper to not design it broken in the first place... :) But in the end its interview and writeup :) Cheers Bret
Now concerning the tools: - 2 hours meeting with some guys from the business, a developer and the application business owner - I ask questions, they answer them, I take notes
Current thread:
- Are people using Threat modeling? Matt Parsons (May 11)
- [WEB SECURITY] Are people using Threat modeling? Romain Gaucher (May 11)
- [WEB SECURITY] Are people using Threat modeling? Gary McGraw (May 12)
- [WEB SECURITY] Are people using Threat modeling? AF (May 12)
- [WEB SECURITY] Are people using Threat modeling? Bret Watson (May 13)
- [WEB SECURITY] Are people using Threat modeling? McGovern, James F. (P+C Technology) (May 13)
- [WEB SECURITY] Are people using Threat modeling? Romain Gaucher (May 11)