Incremental threat modeling: Never try to boil an ocean
Threat modeling is one of the best techniques for achieving secure architectures. However, introducing it on existing complex projects requires time that architects and developers may not have. Irene Michlin introduces a technique for performing threat modeling in ongoing projects without a prohibitive initial time investment.
| Talk Title | Incremental threat modeling: Never try to boil an ocean |
| Speakers | |
| Conference | O’Reilly Software Architecture Conference |
| Conf Tag | Engineering the Future of Software |
| Location | San Francisco, California |
| Date | November 14-16, 2016 |
| URL | Talk Page |
| Slides | Talk Slides |
| Video | |
Threat modeling, a structured method for identifying weaknesses on architectural level, is an invaluable tool for software architects who want to create secure architectures or check existing architectures for security flaws. However, introducing it on existing complex projects requires time that architects and developers may not have, and not every company can afford a Microsoft-style “security push,” where all new development stops in order to focus on security. Incremental threat modeling that concentrates on current additions and modifications can be time-boxed to fit the tightest of Agile life-cycles and still deliver security benefits. Irene Michlin introduces a technique for performing threat modeling in ongoing projects without a prohibitive initial time investment. Full disclosure is necessary at this point—threat modeling is not the same as adding tests to the “ball of mud” codebase and eventually getting decent test coverage. You will not be able to get away with doing just incremental modeling—you must tackle the whole architecture at some point. But the good news is that you will approach this point with more mature skills from getting the practice, and you will get a better overall model with less time spent than if you tried to build it upfront.
