Question: How does threat modeling work in software development?
Archie Agarwal, Founder and CEO of ThreatModeler: Threat modeling is the process of identifying potential threats and taking action to prevent them. We all do it in one way or another, from buying a better lock for our new bike to adding a PIN to our cell phone.
In the bicycle lock example, a determination is made as to the value of the bicycle, the likelihood of theft, and the value of investing in a more robust lock. That’s threat modeling – and it’s no different in software development. We examine the threat landscape, assess the likelihood of an attack, the value of the asset and the path a malefactor would take, and put in place appropriate controls to thwart them.
Threat modeling should be included early in the software development lifecycle. Unfortunately, many security practices are reactive and enforced at the end. Threat modeling is a proactive security practice and should be part of the secure design initiative. In fact, threat modeling is the main way to secure the design.
The benefits of early threat modeling are many. It is much more difficult and resource-intensive to rethink security after the fact than to build it into the design and construction from the start. Threat modeling should be an ongoing process alongside the development process, not a one-time project.
The truth is that threat modeling comes naturally to us and is very intuitive and accessible. It should be part of every software development process.