When I was a security consultant at EDS, one of the roles I played was to engage with development teams early in the design stage to try and identify security concerns. The idea was similar to what Microsoft accomplishes with threat modeling, but the problem was that we were still constrained by the limits of our own imaginations. We could only conceive of and identify those threats that occurred to us. Howard told me that is not the case with Microsoft’s approach to threat modeling. “You don’t need to be a security expert to do this. You know how we’re always telling everyone to ‘think like an attacker?’ That’s probably the worst advice you can give anybody, because unless you are one, you can’t think like one.”