Threat Model (Track)

Working Sessions related to Threat Modeling Security

Organizer(s): Tony UV, Steven Wierckx
Participant(s): Robert Hurlbut, Stephen de Vries, Adam Shostack, Marco Morana, Sebastien Deleersnyder, Francois Raynaud, Marc Rimbau, Dinis Cruz, Robert Morschel, Avi Douglen, Irene Michlin, Geoff Hill

Summary

Work on multiple Threat Modeling topics and improve existing materials.

Key goals for the week are the following:

  • Pain of manual processes and how to optimise them
  • Linking threat models and sub-threat models together
  • Creating threat model templates for security patterns
  • Define a taxonomy of terms (to be sent out prior to summit as RFC)
  • Better threat model diffing
  • Integration into DevOps
  • Use of output by downstream systems… development, test, deployment, etc
  • Making the infrastructure and system (as opposed to just software) threat modeling more mature
  • Unified input and output in a sSDL
  • Simplifying threat modeling for business environments
  • Scaling threat models throughout an organization (central storage, versioning control, etc)
  • Automating threat models
