Adam Shostack of Shostack & Associates and author of Threat Modeling: Designing for Security discussed different approaches to threat modeling, the multiple benefits it can provide, and how it can be added to an organization’s existing software process.
Host Justin Beyer spoke with Shostack about the steps associated with threat modeling and the different approaches you can take. Specifically, they discussed methods such as asset-centric, threat-centric, and software-centric approaches to modeling and why software-centric is the most beneficial. They also discussed the purpose of diagramming your applications and introducing trust boundaries to those diagrams for threat modeling.