Cyber security professional Adam Shostack has helped to define the process of threat modeling. He was responsible for Microsoft’s approach, and since 2016 he has provided comprehensive threat modeling training, services, and solutions to client organizations. He is also the author of “Threat Modeling: Designing for Security,” the practical guide that lays out how to do threat modeling throughout the security development lifecycle.
A noted expert and author on the subject of threat modeling, Adam Shostack defined the four-step framework used to threat model today. The steps are:
- What are we working on? This is important to ground threat modeling work and scope it to what can be addressed. It’s also an important collaboration between security professionals and others working on the product or service.
- What can go wrong? This key step is focused on bringing security knowledge to the analysis of a specific system.
- What are we going to do about it? Once a list of potential problems is available, it’s important to address those problems!
- Did we do a good job? Take a look at what’s been done, and assess if you’re satisfied and confident.
To learn more, see Adam Shostack – Founder & CEO @ Stealth Startup | Crunchbase.