Issue No. 04 - July-Aug. (2011 vol. 9)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2011.47
Danny Dhillon , EMC Corporation
This article describes EMC/s real-world experiences with threat modeling, including major challenges encountered, lessons learned, and a description of the company's current developer-driven approach. Threat modeling is a conceptual exercise in which we analyze a system's architecture or design to find security flaws and reduce architectural risk.
security of data,
D. Dhillon, "Developer-Driven Threat Modeling: Lessons Learned in the Trenches," in IEEE Security & Privacy, vol. 9, no. 4, pp. 41-47, 2018.