Larry Osterman has posted a really interesting article explaining how Threat Modelling helps his team improve the security of the code they develop.
As Larry goes on to explain, the technique is not new, nor is it rocket science, and yet it is often under-utilised in development houses. Part of Microsoft's Trustworthy Computing initiative involved introducing the Secure Development Lifecycle – Threat Modelling is an important technique within it which is now widely adopted by the teams.
A nice feature of the technique is that it is visual and can therefore be a really useful tool for expressing ideas. A very simple explanation is that Threat Modelling lets you model the flow of data within a system or component (in a similar way to Data Flow Diagrams) together with the trust boundaries that data crosses and the attack vectors associated with each crossing.
Larry's explanation of how his team use the technique describes it far better than I could, as it includes anecdotes.
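To make the data-flow-plus-trust-boundary idea concrete, here is a small added example (my own illustration, not code from Larry's article or from Microsoft's SDL tooling). It models elements, the trust zone each runs in, and the flows between them, then lists every flow that crosses a trust boundary, since those are the places where the receiving side must authenticate and validate its input. The zone names and the three-tier system are constructed assumptions.

```python
# Added example: a minimal threat-model data-flow sketch. The elements, zones and
# flows below are constructed for illustration; they are not from the article.
from dataclasses import dataclass


@dataclass(frozen=True)
class Element:
    name: str
    zone: str   # the trust zone the element runs in (assumed labels)


@dataclass(frozen=True)
class Flow:
    src: Element
    dst: Element
    data: str   # what travels along this flow


def boundary_crossings(flows):
    """Return the flows that cross a trust boundary (src and dst in different zones).

    These are the flows whose input the receiver must authenticate and validate,
    because the sender sits in a differently trusted zone.
    """
    return [f for f in flows if f.src.zone != f.dst.zone]


def attack_surface(flows):
    """Summarise each boundary crossing as (receiver, data, boundary), sorted."""
    return sorted(
        (f.dst.name, f.data, f"{f.src.zone}->{f.dst.zone}")
        for f in boundary_crossings(flows)
    )


def example_model():
    # Constructed three-tier example: a browser on the internet, a web front end
    # in a DMZ, and a database plus audit log on the internal network.
    browser = Element("browser", "internet")
    web = Element("web front end", "dmz")
    db = Element("database", "internal")
    log = Element("audit log", "internal")
    return [
        Flow(browser, web, "login form"),
        Flow(web, db, "SQL query"),
        Flow(db, web, "result rows"),
        Flow(db, log, "audit record"),   # same zone: not a boundary crossing
    ]


if __name__ == "__main__":
    for receiver, data, boundary in attack_surface(example_model()):
        print(f"{receiver:15} receives '{data}' across {boundary}")
```

Each printed line is one place on the diagram where a defence (authentication, input validation, output encoding) belongs; flows that stay within a zone are deliberately left out of the list.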