- #Advantages of microsoft free threat modeling how to
- #Advantages of microsoft free threat modeling series
Drugs? Radiation? Surgery? It’s scary, complex, and the wrong choice might lead to a lot of unnecessary pain. If you’re not, judging and analyzing the processes might be a lot like analyzing cancer treatments. If you’re a security expert, you might be able to select the right process. People, eager to threat model, had a number of TM processes to choose from, which led to confusion. The first problem with ‘the threat modeling process’ is that there are a lot of processes. But the experts don’t expose the cracks in a process in the same way as asking everyone to participate. Even for the people who are good at it, putting a process in place is great for coverage, assurance and reproducibility. Some people are great at “think like an attacker,” but others have trouble. The cost is that we have to be very prescriptive in how we advise people to approach the problem. The benefit is that everyone thinks about security early. There’s a large trade-off associated with this choice. We ask feature teams to participate in threat modeling, rather than having a central team of security experts develop threat models. I am critiquing the processes, saying we can do better, in places we are doing better, and I intend to ensure we continue to do better. There are all sorts of issues that our customers will never experience because of that work. A lot of people have put a tremendous amount of work in, and gotten some good results. I want to be really clear that I’m not critiquing the people who have been threat modeling, or their work. In the next posts, I’ll talk about what the process looks like today, and why we’ve made the changes we’ve made.
#Advantages of microsoft free threat modeling series
In this first post of a series on threat modeling, I’m going to talk a lot about problems we had in the past.
In this paragraph, I’m attempting to mitigate a denial of service threat, where prescriptivists try to drag us into a long discussion of how we’re using words.) The processes I’m critiquing here are the versions of threat modeling that are presented in Writing Secure Code, Threat Modeling, and The Security Development Lifecycle books. There is a community which uses questions like “what’s your threat model” to mean “which attackers are you trying to stop?” Microsoft uses threat model to mean “which attacks are you trying to stop?” There are other communities whose use is more like ours. People sometimes want to argue because they think Microsoft uses the term “threat modeling” differently than the rest of the world. There have been a lot of variants of things called “threat modeling processes” at Microsoft, and a lot more in the wide world. So the process evolves, because, unlike Dr No, we want to be aligned with what our product groups and customers want If it’s not, they’ll do as little of it as they can get away with. Human nature is that if a process is easy or rewarding, people will spend time on it. There’s competition for the time and attention of various people within a product team. As each team starts a new product cycle, they have to decide how much time to spend on the tasks that are involved in security. I’d like to start that by talking about some of the things that make the design analysis process difficult, then what we’ve done to address those things.
#Advantages of microsoft free threat modeling how to
So I’m very concerned about how well we threat model, and how to help folks I work with do it better. The core of what I do is help Microsoft’s product teams analyze the security of their designs by threat modeling. I said recently that I wanted to talk more about what I do.
0 kommentar(er)
