Skip to content
Microsoft Secure

What if you could deploy a process that would help you develop software products and services with better security, shorter development cycles, and fewer surprises for your customers?

Those are some of the benefits of threat modeling, which was the topic of an excellent presentation: New Foundations for Threat Modeling, from Adam Shostack, principal security program manager for Trustworthy Computing, at the RSA Conference USA this week.

Threat modeling is a repeatable process that helps build security (and sometimes privacy) into products and services from the start.  Unlike most security practices, threat modeling can take place even before any code is written, or any new systems are deployed.

A central component of the design phase of Microsoft’s Security Development Lifecycle (SDL), threat modeling can help uncover security threats earlier, before important design and development decisions are made. That in turn allows more flexibility in addressing those threats, helping make it much less likely that you’ll need to change or delay your schedule, or be surprised by security issues after you ship.

The threat modeling process isn’t just for security mavens.  It’s useful for developers or IT professionals as they begin to consider what they’re going to build.  According to Adam, It’s centered on four very simple questions:

1.    What are you building?
2.    What can go wrong?
3.    What are you going to do about it?
4.    How well did you answer questions 1-3?

You can read more about threat modeling as it relates to the SDL on our web site. And an easy way to get started is the Elevation of Privilege card game.

You can also check out Adam’s new book, which is full of specific and actionable ways to consider what you’re building, tools to help you figure out what can go wrong, and what to do about those things.