Adam Shostack of Shostack & Associates, author of Threat Modeling: Designing for Security, joins SE Radio host Justin Beyer to discuss the steps and different approaches to threat modeling, the benefits it can provide, and how organizations can add it to their existing software development process.
In this episode, you’ll hear about asset-centric, threat-centric, and software-centric approaches to threat modeling; the purpose of diagramming your applications and introducing trust boundaries; and different methods for discovering threats in your model and why you want to select one approach over another. Learn about leveraging threat modeling to find privacy threats, as well as how to sell threat modeling to your organization.
Guest Bio
Adam Shostack (Shostack & Associates) is a leading expert on threat modeling. As a member of the Black Hat Review Board, he helped create the Common Vulnerabilities and Exposures (CVE) list. Shostack is the author of Threat Modeling: Designing for Security, and coauthor of The New School of Information Security.
About SE Radio
Software Engineering Radio is a podcast managed by the volunteers and staff of IEEE Software magazine and the IEEE Computer Society. Launched in 2006, it’s a lasting educational resource targeted at professional software developers, not just a newscast.