Threat modeling is a structured process through which IT pros can identify potential security threats and vulnerabilities, quantify the seriousness of each, and prioritize techniques to mitigate ...
With the implementation of new cybersecurity guidelines put forth by FDA in September 2023, the role of the contract manufacturer in threat identification and device safeguarding has become a ...
John is a professional author, currently publishing evergreen and feature articles for Android Police. He discovered his passion for writing when he was very young, and enjoys how it challenges him ...
The Internet of Things (IoT) is changing the way we interact with the world around us. Over the next few years, billions more connected devices will enable us to drive efficiency, boost productivity, ...
Today, let me contrast two 20-year-old papers on threat modeling. My first paper on this topic, "Breaking Up Is Hard to Do," written with Bruce Schneier, analyzed smart-card security. We talked about ...
Application threat modeling has gotten a bad rap over the years. Security leaders looking to implement application threat modeling with their product teams must contend with stakeholders who see it as ...
Over years of teaching threat modeling — including the STRIDE mnemonic, which I'll describe here — I've found that people often get stuck when trying to answer "what can go wrong?" My favorite way to ...