Be the first to like this
A comprehensive application threat model demands specialized skills and expertise which might be difficult to avail considering the increasing resource gap in software security market. Making a scalable threat model framework is difficult even for big enterprises. Even the tools that help to manage the threat modeling process have limitations. In this talk, we will present control-based threat modeling to explore the possibilities of moving from a traditional threat-library based threat model to a more developer-centric threat model and how this paradigm change may add value towards developing secure software.