

Late Threat Modeling

I always suggest conducting Threat Modeling even in advanced dev cycle stages, although it might seem absurd – why would one model threats for something that has already been completed? I often start working with projects that are well advanced in their dev cycle: say, the team has started to write code, or the project is in the stabilizing stage or even in the deployment phase.

Threat Modeling takes me a step back from code to design, and even higher to the architecture. Code may be written perfectly, but no perfect code can save a bad design or a bad architecture from a security breach.

The post How I Explain Threat Modeling to Customers can give more answers to the question of why. I love the idea of incremental rendering, for example. I also loved the comment from Scott Barber, who cited somebody else:

"All models are wrong.  Some models are useful."  -- George Box, Industrial Statistician

So conducting late Threat Modeling can be useful in revealing bad design and architecture decisions and changes that took place during the dev lifecycle.

Late Threat Modeling is useful for understanding what risks one accepts by deploying the application. Some would prefer not even to know that, some would like just to know, but my favorite is to know and act by applying Security Engineering.

Enjoy your late or on-time Threat Modeling.
