Threat Modeling is a Process not a Project

Threat Modeling is a Process not a Project

Developers are starting to embrace the idea that threat modeling is a best practice as part of the secure development lifecycle (SDLC). And if it is, it can no longer be seen as a project. It must evolve into a process. A Project vs a Process Projects and processes...
The Evolving SDLC Paradigm

The Evolving SDLC Paradigm

When considering the evolution of the software development lifecycle, the first thing that comes to mind is the shift from waterfall to agile. The shift to agile was driven by the need for software development to be, well, more agile. From Catalyst Investors, “The...
Can Threat Modeling Save Lives?

Can Threat Modeling Save Lives?

NIST and the FDA think so. It’s hard to find a medical device today that doesn’t use software, have an app or connect to the cloud. And the FDA knows it. So much so that it’s now recommending threat modeling (TM) as a best practice when developing medical devices and...
The Essential Role of Automated Threat Modeling in DevSecOps

The Essential Role of Automated Threat Modeling in DevSecOps

Every developer wants to create secure applications. Unfortunately, there are always some limitations to developing secure applications. And since no one in DevOps seems to be able to wish a secure application into existence, they are stuck following a simple two-step...
How Threat Modeling Can Help You Migrate Securely to the Cloud

How Threat Modeling Can Help You Migrate Securely to the Cloud

Security during cloud migration would be a challenge even if it were done all at once. Since smart cloud migration is done in steps, security during cloud migration becomes even more challenging. Not only are you dealing with two architectures—one on-premises and one...