by threatmodeler | Sep 7, 2023 | CISO, Cloud security, Cloud Threat Modeling, Cyber Risk, DevSecOps, News, Threat Modeling
By Archie Agarwal
In an era where cyber threats are constantly evolving, relying solely on reactive security measures is inadequate. The imperative for proactive risk assessment and mitigation has never been greater. Much like CAD drawings provide a blueprint for...
by threatmodeler | Aug 10, 2022 | Blog, Security, Threat Modeling, Threat Modeling Software, ThreatModeler
There’s a difference between building a threat model and creating a threat modeling culture. To be sure, one is part of the other, but to understand the difference requires an analogy. Imagine threat modeling as bodybuilding. Building a threat model would be your...
by threatmodeler | Aug 2, 2022 | Blog, Cyber Risk, DevOps, Threat Modeling, Threat Modeling as a Service, Threat Modeling Process
Nobody thinks modeling threats is a bad idea. And yet threat modeling isn’t broadly adopted in the development community yet. Why is that? According to Izar Tarandach and Matthew J. Coles in their book Threat Modeling, it’s because “convincing stakeholders that threat...
by threatmodeler | Jul 26, 2022 | Blog, DevSecOps, Threat Modeling
Like everything else in the world of cybersecurity, threat modeling tools and practices continue to evolve. How is threat modeling evolving? There are five areas where we will continue to see improvement in the future. These are 1) collaboration; 2) ease of use; 3)...
by threatmodeler | Jul 19, 2022 | Blog, DevOps, DevSecOps, Threat Modeling
If you’re intent on creating secure software, then eventually you’re going to have to evolve from DevOps to DevSecOps. But as InfoQ is quick to point out, “DevSecOps isn’t possible by going about normal day-to-day DevOps processes. You can’t tell team members to just...
by threatmodeler | Jul 13, 2022 | Blog, Developers, Insider Threats, Threat Modeling
The old saying, an ounce of prevention is worth a pound of cure, certainly applies to software development. To leverage this benefit, the software industry has embraced the idea of “shifting left”. This is in reference to the linear (aka waterfall) method of software...