Performance Threat Models

I've been meaning to post this for ages and somehow I kept forgetting.

J.D. and I have long thought that many of the techniques used to do a security threat model are actually directly applicable to doing performance analysis as well.  The idea of threats and mitigations is quite general but more importantly a direct analysis of the architecture is invaluable and its something you can do very early in the lifecycle of a product.  Think of it as "testing" the architecture while it's still just a diagram.

A while ago J.D. produced this analysis which I think you might find useful: https://blogs.msdn.com/jmeier/archive/2007/08/28/performance-threats.aspx

The idea of testing the architecture is something I want to do a lot more of in the next version of Visual Studio (but more on that another time)

Comments

• Anonymous
  November 13, 2007
  Hi Rico, I attented a few sessions on threat analysis at the Tech-Ed in Barcelona 2007 and found them very useful. Interesting stories on internal decisions in Microsoft definately convinced me that you're very serious on security these days. That said, I definately see the resemblance to performance. Will take a look at the link you provided.