• DocumentCode
    1514296
  • Title

    Developer-Driven Threat Modeling: Lessons Learned in the Trenches

  • Author

    Dhillon, Danny

  • Author_Institution
    EMC Corporation
  • Volume
    9
  • Issue
    4
  • fYear
    2011
  • Firstpage
    41
  • Lastpage
    47
  • Abstract
    This article describes EMC's real-world experiences with threat modeling, including major challenges encountered, lessons learned, and a description of the company's current developer-driven approach. Threat modeling is a conceptual exercise in which we analyze a system's architecture or design to find security flaws and reduce architectural risk.
  • Keywords
    security of data; architecture system; developer driven threat modeling; lessons learned; security flaws; Computational modeling; Computer security; Encoding; Information security; Software architecture; Secure design; application security; risk analysis; secure architecture; security development life cycle; software security; threat modeling;
  • fLanguage
    English
  • Journal_Title
    Security & Privacy, IEEE
  • Publisher
    ieee
  • ISSN
    1540-7993
  • Type

    jour

  • DOI
    10.1109/MSP.2011.47
  • Filename
    5765924