Skip to main content

Evolving Threat Modeling for Agility and Business Value

Traditional threat modeling approaches are no longer scalable or accurate in an agile, cloud-based, microservices world. How can we evolve threat modeling to fit DevSecOps processes?

Download PDF

Threat modeling represents a plethora of different practices to analyze a system from a security perspective.

In the early days, threat modeling was much simpler and based on systems where threat vectors against the system were well-known. In such cases creating diagrams manually was easier — we had controlled access to the few systems that were available. But in today’s DevSecOps world, things look quite different.

In this whitepaper, we focus on threat modeling from a general perspective, without delving into a specific methodology. The considerations and recommendations collected here should therefore be applicable to most approaches.