Threat Modeling at Microsoft
Interesting paper by Adam Shostack:
Abstract. Describes a decade of experience threat modeling products and services at Microsoft. Describes the current threat modeling methodology used in the Security Development Lifecycle. The methodology is a practical approach, usable by non-experts, centered on data flow diagrams and a threat enumeration technique of ‘STRIDE per element.’ The paper covers some lessons learned which are likely applicable to other security analysis techniques. The paper closes with some possible questions for academic research.
Jeroen • October 13, 2008 7:02 AM
The first paragraph raises a red flag with me:
“a set of processes applied to all Microsoft products with significant security or privacy risks.”
If anything, the past few years should have taught us that in software, security holes can occur in the most innocuous places, and not just in places that we may think of as “high-risk”.