Threat Model (Track)

Working Sessions related to Threat Modeling Security

Organizer(s): Tony UV , Steven Wierckx

Participants(s): Robert Hurlbut (remotely) , Stephen de Vries , Adam Shostack , Marco Morana , Sebastien Deleersnyder , Francois Raynaud , Marc Rimbau , Dinis Cruz , Robert Morschel , Avi Douglen , Irene Michlin , Geoff Hill , Irene Michlin

Scheduled Working Sessions

(when)

Monday

Tuesday

Wednesday

Thursday

Friday

AM-1
PM-1
PM-2
PM-3
Eve

Not Scheduled Working Sessions

These Working Sessions are currently NOT scheduled to occur in one of the main Rooms. This doesn't mean that they will NOT happen. Participants will be able to work on this Working Session (or others created during the Summit) at specific locations and times.

Related Working Session(s)

Summary

Work on multiple Threat Modeling topics and improve existing materials.

Key goals for the week are the following:

  • Pain of manual processes and how to optimise them
  • Linking threat models and sub-threat models together
  • Creating threat model templates for security patterns
  • Define a taxonomy of terms (to be sent out prior to summit as RFC)
  • Better threat model diffing
  • Integration into DevOps
  • Use of output by downstream systems… development, test, deployment, etc
  • Making the infrastructure and system (as opposed to just software) threat modeling more mature
  • Unified input and output in a sSDL
  • Simplifying threat modeling for business environments
  • Scaling threat models throughout an organization (central storage, versioning control, etc)
  • Automating threat models

Resources and links (please add more):



Back to list of all Working Sessions and Tracks

Edit this page here