Danny Dhillon, EMC Corporation, Hopkinton
ABSTRACT
Threat modeling at the design phase has been advocated as one of the most proactive ways to build more secure software. Identifying and resolving potential security issues early avoids costly re-engineering that occurs later in the development lifecycle. However, traditional approaches to threat modeling require significant security expertise and the ability to think like an attacker, characteristics that are not prevalent in all software designers and engineers. This paper describes a large software vendor’s experiences with threat modeling, including major challenges encountered, lessons learned, evolution of the threat modeling approach and a description of the current developer-driven approach utilized by the company.
INDEX TERMS
D.4.6.g Verification, M.12.0.a Case Studies in Industry, D.2.0.a Protection mechanisms, D.2.10.f Methodologies, D.2.10.h Quality analysis and evaluation
CITATION
Danny Dhillon, "Developer-Driven Threat Modeling: Lessons Learned in the Trenches", IEEE Security & Privacy, no. 1, PrePrints, doi:10.1109/MSP.2011.47