|Organizers||Steven Wierckx Steven Wierckx|
|Participants||Adam Shostack Adam Shostack , Aurelijus Stanislovaitis Aurelijus Stanislovaitis , Fraser Scott Fraser Scott , Sara Davis Sara Davis , Stuart Winter-Tear Stuart Winter-Tear , Tash Norris Tash Norris|
People are clueless on how to start with threat modeling. I propos we create a guide i the style of ASVS where we show in different levels what the steps are that can be done for threat modeling depending on the need and/or maturity of the organisation.
A guide with some levels such as: level 0: you are not doing TM or something ad hoc level 1: you are answering some of the 4 questions but not in a structured way level 2: you do a full 4 question TM for one product level 3: you intregated the full TM in the SDLC and vary the amount/level of the TM according to the risk appetite of that application/system/product
The table of contents for the guide and some content.
Register as participant
To register as participant add
Threat model guide to either:
sessionsmetadata field from your participant's page (find your participant page and look for the edit link).
- or the
participantsmetadata field from this git session page
Back to list of all Working Sessions