Defining Threat Modeling and Its Role in the SDLC
Threat modeling is one of the most essential, and misunderstood, component of the software development lifecycle. It identifies potential threats and vulnerabilities early on in the process, mitigating the risk of attacks, and reduces the overall cost to develop and maintain secure applications.
In this interview, Matthew Coles, senior principal product security engineer at Dell, and Izar Tarandach, principal security engineer at Squarespace, share their definition of threat modeling and explain how you can integrate threat modeling into the software development lifecycle. They also talk about the Threat Modeling Manifesto and how to put it to work to manage cyber risk.
Matthew and Izar have many years of experience in the IT security industry and have contributed to community initiatives, such as SAFECode. They co-authored a book on threat modeling titled “Threat Modeling: A Practical Guide for Development Teams.”
Matt and Izar will discuss the concept of threat modeling, its objectives and the part it plays in the software development lifecycle at Secure Coding Virtual Summit on March 24. They will explore the recently published Threat Modeling Manifesto as a framework to develop your own threat modeling practice, see the fundamental concepts of system modeling and threat elicitation, and end up with a view of threat-modeling-with-code and an open source framework to support it.
To learn more about threat modeling and the Threat Modeling Manifesto, attend Matt and Izar’s session at Secure Coding Virtual Summit. To check out the full agenda and to register for free, visit the Secure Coding website.
