An Agile Approach to Threat Modeling for Securing Open Source Project EdgeX Foundry
Talk Title | An Agile Approach to Threat Modeling for Securing Open Source Project EdgeX Foundry |
Speakers | Tingyu Zeng (Senior Principal Software Engineer, Security Lead, DELL Technologies) |
Conference | Open Source Summit + ELC North America |
Location | San Diego, CA, USA |
Date | Aug 19-23, 2019 |
Evaluating security risks and conducting threat modeling are challenging for open source project contributors and adopters. There are rarely enough people, or people with experience, to tackle these tasks properly. In this session, come learn about a practical, agile approach to threat modeling with the STRIDE model for open source projects, using EdgeX Foundry as an example, regardless of whether you are going to contribute to an open source project or are going to evaluate and include some open source libraries in your next project. We will share our experience with security threat modeling and risk assessment during the development of EdgeX Foundry - a vendor-neutral, open source, hardware- and OS-agnostic Linux Foundation project to create a common open platform for IoT edge computing systems. After the presentation, the audience will be familiar with the general steps of threat modeling and how to apply them to their next project.