I’m guessing your here to see the “sexy models”. Well, I’m about to start delivering a session on Threat Modeling, which is about 100x more useful than any runway modeling. I’ll leave the glamour modeling to Tyra Banks and Heidi Klum. (I especially don’t want to fill anyone’s buffer of Kai strolling down a runway in haute couture.)
So what exactly is “threat modeling”. Well, our friends over in the App Dev world having been doing these for years, since it typically relates to Application Security. There’s even a terrific book about it from Window Snyder (yes, her real name) and Frank Swiderski. At Microsoft, Talhah Mir and the ACE team have a blog dedicated to the topic. The book defines it as a methodology for “assessing and documenting the security risks associated with an application“. To that end Talhah Mir and his team have created a tool that helps you known as the Microsoft Threat Analysis & Modeling Tool v2.1. It’s a pretty nice tool and something you need to get into the hands of your Devs if they are not aware. Here’s a quick screen shot of the wizard that you get at launch:
and then some of the things you can work with in the console:
My biggest question is: How Do I Use This Methodology for Security Concerns other than AppDev? Should I be looking at OCTAVE or other threat assessment tools? I look forward to hearing from you!