Diffing and Version Control Threat Models

A threat model should be a living artefact that evolves with the project, but how can we achieve this with the available tools? We need some best practices that teams can adapt, if we want threat modelling to become a wide-spread practice.


We tell teams to make their threat model a living artefact, but what are the actual practices and techniques to do that?


…what text…


Recommendations documented at OWASP pages Either based on current tools capabilities, or at least set of requirements we’d want implemented in TM tools


The target audience for this Working Session is:

Participants in the threat modeling track Participants in agile appsec track

Working materials

Here are the current ‘work in progress’ materials for this session

(please add as much information as possible before the sessions)


…add content…

Back to list of all Working Sessions and Tracks

Edit this page here