Traditionally, we perform threat modeling using some type of predefined framework like STRIDE to make a data flow diagram and recommend mitigation. The challenge with this threat modeling approach is that it doesn’t fit easily in a fast-moving DevOps pipeline. For DevOps to work effectively, artifacts are considered to be a minimum viable product agreed upon for delivery. In the case of threat modeling, we need to fit into this rapid cadence that emphasizes scalability and is also lean.
In this webinar, we will discuss strategies for closing the gap, such as policy-driven development and business risk filtration, to scale our threat modeling approach and maximize the potential for automation.
- Why is traditional threat modeling not good enough?
- How do you connect business risk with threat modeling?
- How do you scale your threat modeling approach?