Describe different ways of implementing TM in agile organisations

Track:Threat Model
When:Wed AM-1
Where:Kings
OrganizersSteven Wierckx Steven Wierckx
ParticipantsFraser Scott Fraser Scott , Goher Mohammad Goher Mohammad , Imran Mohammed A Imran Mohammed A , Luis Saiz Luis Saiz , Manuel Jeckelmann Manuel Jeckelmann , Pedro Laguna Pedro Laguna , Ruben Tronçon Ruben Tronçon , Stuart Winter-Tear Stuart Winter-Tear , Sven Schleier Sven Schleier , Tash Norris Tash Norris
Remote ParticipantsPaul Cutting Paul Cutting

WHY

Many organisations are struggling to fit threat modeling to their agile way of working.

What

We will describe one of more ways to implement the different building blocks of threat modeling in the different actions of SCRUM and Kanban. What “deliverables” make sense in agile? For example, when during the SCRUM process would you update the model of what’s being worked on? When do you discover new threats? Who will perform what actions to get all of this done?

Outcomes

Describe a typical SCRUM and Kanban process and show where threat model related building blocks fit. Describe why the specific action is done during that specific phase of the agile methodology.

References

https://owaspsummit.org/Working-Sessions/Threat-Model/Lightweight-Threat-Modeling-Process.html

Register as participant

To register as participant add Describe different ways of implementing TM in agile organisations to either:

  1. the sessions metadata field from your participant's page (find your participant page and look for the edit link).
  2. or the participants metadata field from this git session page


Back to list of all Working Sessions