Panel: Leveraging Threat Modeling To Reduce Security Debt presented at Security Development Conference 2012

by Sahba Kazerooni, Shawn Hernan, Chris Romeo, Izar Tarandach,

Summary : The value of introducing security at the design stage of any development process has been well-documented. The idea is that the earlier you plan for security in your project, the less security debt you pay towards the end. Most organizations adopting SDL practices are looking for ways to implement threat modeling as a way to reduce their security debt later in the development lifecycle. Many of these organizations are faced with interesting challenges when they begin integrating threat modeling principles, techniques and tools into their engineering lifecycle. This session will bring together security leaders from several organizations to get their perspectives on threat modeling and discuss their efforts to solve some of the challenges they face in introducing security at the design stage through threat modeling.