Issue No.03 - May/June (2010 vol.8)
John Steven , Cigital
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2010.110
Many security managers avoid discussing threat modeling because they perceive it as expensive and difficult. However, threat modeling has become easier, just as it has become more important. Perhaps it's time for another look.
threat modeling, top-N lists, OWASP, Elevation of Privilege, software engineering, security and privacy
John Steven, "Threat Modeling", IEEE Security & Privacy, vol.8, no. 3, pp. 83-86, May/June 2010, doi:10.1109/MSP.2010.110