Abstract :
This article describes EMC/s real-world experiences with threat modeling, including major challenges encountered, lessons learned, and a description of the company´s current developer-driven approach.Threat modeling is a conceptual exercise in which we analyze a system´s architecture or design to find security flaws and reduce architectural risk.
Keywords :
security of data; architecture system; developer driven threat modeling; lessons learned; security flaws; Computational modeling; Computer security; Encoding; Information security; Software architecture; Secure design; application security; risk analysis; secure architecture; security development life cycle; software security; threat modeling;
