Abstract

Adam Shostack, of Shostack & Associates and author of Threat Modeling: Designing for Security, discusses threat modeling, its benefits, and how to add it to an organization’s existing software process. Host Justin Beyer spoke with Shostack about asset-, threat-, and software-centric approaches; diagramming applications and introducing trust boundaries; methods such as spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege as well as the kill chain and the Elevation of Privilege card game; tooling; bug bars; privacy threats; linkability, identifiability, nonrepudiation, detectability, disclosure of information, unawareness, and noncompliance; selling threat modeling to an organization; and threat modeling for the Internet of Things. We provide summary excerpts below; to hear the full interview, visit http://www.se-radio.net or access our archives via RSS at http://feeds.feedburner.com/se-radio.

