Developer engagement for threat modeling
If developers must threat model, if they are to integrate threat modelling into their development process, how do we go about that? Based on broad experience, demanding that “every change must be threat modelled” will generate significant distrust and inter-organization friction. Mandates rarely work by themselves. Effective developer-centric security, developer empowered threat modelling, typically needs significant help and ongoing support. Brook S.E. Schoenfield explains how his approaches have gotten threat modelling universally adopted by populations of thousands of eager developers.
Log in
Create your account
Not a member yet? Become a member to join forum discussions, participate in community events and apply to write articles.
Create an accountLog in with LinkedIn
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.