Evolving Threat Modeling to Fit DevOps

July 16, 2020

Traditionally, we perform threat modeling using some type of predefined framework like STRIDE to make a data flow diagram and recommend mitigation. The challenge with this threat modeling approach is that it doesn’t fit easily in a fast-moving DevOps pipeline. For DevOps to work effectively, artifacts are considered to be a minimum viable product agreed upon for delivery. In the case of threat modeling, we need to fit into this rapid cadence that emphasizes scalability and is also lean.

In this webinar, we will discuss strategies for closing the gap, such as policy-driven development and business risk filtration, to scale our threat modeling approach and maximize the potential for automation.

Expected Learning

  • Why is traditional threat modeling not good enough?
  • How do you connect business risk with threat modeling?
  • How do you scale your threat modeling approach?
Previous Video
Research Perspectives on Lightweight Security Risk Assessments Using Attack Trees
Research Perspectives on Lightweight Security Risk Assessments Using Attack Trees

In this webinar, we talk about our ongoing research in automating attack trees for security control generat...

Next Video
Threat Modeling
Threat Modeling