Practices and challenges of threat modelling in agile environments

Abstract

Facing the increasing annual cybersecurity costs, threat modelling (TM) is a method to consider security as early as possible in the software development life cycle (SDLC). Thereby, TM helps to identify and address security-related design flaws in information systems. As the original TM approach is based on sequential development, it is not aligned with today’s predominantly agile environments. This results in several challenges. However, TM’s implementation in an agile development approach lacks the recommendations on how to tackle these challenges. Therefore, we assess the state-of-the-art of TM challenges and practices in agile environments by conducting a literature review covering 220 papers. Thereby, we identify nine categories of challenges and six categories of practices. We propose a valuable artefact for practitioners by mapping challenges and practices to the agile SDLC and by creating a matrix highlighting how the practices address the challenges of TM in an agile environment.