Issue No. 04 - July-Aug. (2011 vol. 9)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2011.47
Danny Dhillon , EMC Corporation
Threat modeling at the design phase is one of the most proactive ways to build more secure software. Identifying and resolving potential security issues early avoids costly reengineering that occurs later in the development life cycle. However, traditional approaches to threat modeling require significant security expertise and the ability to think like an attacker—characteristics that not all software designers and engineers possess. This article describes a large software vendor's real-world experiences with threat modeling, including major challenges encountered, lessons learned, evolution of a threat-modeling approach, and a description of the company's current developer-driven approach.
Secure design, secure architecture, security development life cycle, threat modeling, risk analysis, software security, application security
D. Dhillon, "Developer-Driven Threat Modeling: Lessons Learned in the Trenches," in IEEE Security & Privacy, vol. 9, no. , pp. 41-47, 2011.