[SC-L] [WEB SECURITY] Are people using Threat modeling?
Bret Watson
lists at ticm.com
Thu May 13 08:56:33 EDT 2010
>Sounds like my toolset... I've got some questionaires for them to do
>beforehand - basically education for the architects- they learn that
>if it doesn't come out yes all the way down it will be better if it
>was fixed first
. We've also put together a nice business process to show the heads
(ie the ones that pay in this case) that it would be much cheaper to
not design it broken in the first place... :)
But in the end its interview and writeup :)
Cheers
Bret
>Now concerning the tools:
>- 2 hours meeting with some guys from the business, a developer and
>the application
>business owner
>- I ask questions, they answer them, I take notes
More information about the SC-L
mailing list