Threat modeling is an effective process for identifying and prioritizing threats and recommending mitigations for software-based systems. In a world with so many cyber threats, that’s not a bad thing. So, why hasn’t threat modeling been more widely adopted? And is a missing piece the answer to greater adoption?
A Brief History of Threat Modeling
The practice of threat modeling actually dates back to the mid-90s. And unlike almost every other cybersecurity practice, threat modeling has resisted being turned into an easy process.
Unlike things we take for granted like static analysis and penetration testing, threat modeling still requires, to some degree, input from security experts. Even though there are threat modeling tools that automate much of the threat modeling process, it still requires practitioners with security experience to address the one question that can’t really be answered.
The One Question That Can’t be Answered
How do I know if my software is secure enough? That’s the one question that nobody can seem to answer. When doing threat modeling, that question becomes how do I know if my threat model is complete?
Now there are some things we can do to help get us closer to an answer. For instance, we can start by defining “complete” in terms of the delivery lifecycle rather than in terms of everything. That makes the question more manageable.
There are also some best practices we can adopt that help too, like focusing on the Top 10 Architectural Flaws Threat Modeling Identifies. This too will narrow down the question.
At the end of the day, these things only provide “guardrails” for answering the question, not the answer itself. And that’s because there is no definitive answer. Even if there was, it would only be correct for an instant, as most software today resides in dynamic cloud environments that change constantly.
So, the best we can do is to take advantage of automated threat modeling tools, which excel at ingesting and analyzing dynamic environments, and couple them with sufficient cybersecurity expertise to get us to the point where we feel comfortable with our threat model (and our security posture overall). Where can we find such expertise? It takes a community—the ThreatModeler Community—which is the missing piece.
How a Community Helps
The ThreatModeler Community, which launched in November 2022, is envisioned as a place where threat modeling practitioners can contribute their expertise and experience to get everyone doing threat modeling closer to the answer. A community is essential if the goals are to share knowledge, then institutionalize it and then scale it. And threat modeling will become even more important going forward. Why is that?
Because threat modeling has hit an inflection point due to three factors converging now. The first one is compliance, like Executive Order 14028. It is no longer good enough to have secure software. It must also be in compliance too, and threat modeling helps with that.
The second is the maturation of threat modeling tools like that from ThreatModeler. These threat modeling platforms automate much of the threat modeling process. The third is the everything-as-code paradigm which allows users to programmatically reason over software code.
Perhaps the most important part of the community though is its ability to facilitate shared experiences. Practitioners can share their successes and their failures. And more importantly, they can share at what point they feel comfortable with their threat model, and why. And that’s about as close to the answer as many are likely to get.
If you’re interested in threat modeling but aren’t sure where to start, or where to finish, we encourage you to join the ThreatModeler Community. It’s free, it’s growing and there are lots of resources there already. See you there.
Schedule a demo today with our cybersecurity experts and fortify your operations!