(POLL) To DFD or not to DFD?

  • 16 November 2023
  • 1 reply

They say a picture is worth a thousand words, and so including some kind of diagram in your threat modelling process likely aids in understanding the system being threat modelled. But some diagrams can end up looking like “spaghetti and meatballs”, depending on the complexity of the system.

I thought it would be interesting to take the pulse of the community on this topic, so we can better understand what approaches are being used.

Note, if your threat modelling approach uses lots of diagrams, perhaps just answer for the scenario where you were forced to choose just one.

What type of diagram do you require for your threat models?

1 reply

DFDs and incorporating Trust Boundaries/Zones that take into account ease of exploitation for a more accurate risk score.