Threat modelling

1 post

STRIDE Threat Modelling vs DREAD Threat Modelling

STRIDE Threat modelling Which THREAT modelling framework/methodology should I go for? This is a very common question nowadays, since the “Shift-left revolution”, we have all been trying to introduce security as early into the SDLC as possible (if we aren’t? we should!). THREAT modelling is the foundational activity of shifting left, which basically means finding threats early into the SDLC. Finding threats early in the software development lifecycle helps you save costs in terms of time, finances and more importantly possible reputational damage. Now that you are sold on doing threat modelling in the design phase of SDLC, the question […]