| Track: | Threat Model |
|---|---|
| When: | Wed AM-1 |
| Where: | Kings |
| Organizers | Steven Wierckx Steven Wierckx |
| Participants | Fraser Scott Fraser Scott , Goher Mohammad Goher Mohammad , Imran Mohammed A Imran Mohammed A , Luis Saiz Luis Saiz , Manuel Jeckelmann Manuel Jeckelmann , Pedro Laguna Pedro Laguna , Ruben Tronçon Ruben Tronçon , Stuart Winter-Tear Stuart Winter-Tear , Sven Schleier Sven Schleier , Tash Norris Tash Norris |
| Remote Participants | Paul Cutting Paul Cutting |
WHY
Many organisations are struggling to fit threat modeling to their agile way of working.
What
We will describe one of more ways to implement the different building blocks of threat modeling in the different actions of SCRUM and Kanban. What “deliverables” make sense in agile? For example, when during the SCRUM process would you update the model of what’s being worked on? When do you discover new threats? Who will perform what actions to get all of this done?
Outcomes
Describe a typical SCRUM and Kanban process and show where threat model related building blocks fit. Describe why the specific action is done during that specific phase of the agile methodology.
References
https://owaspsummit.org/Working-Sessions/Threat-Model/Lightweight-Threat-Modeling-Process.html
Register as participant
To register as participant add Describe different ways of implementing TM in agile organisations to either:
- the
sessionsmetadata field from your participant's page (find your participant page and look for the edit link). - or the
participantsmetadata field from this git session page
Back to list of all Working Sessions