A Threat Modelling book, tool, demo and links
Threat modelling should be a part of the design of any system, software or otherwise – hey, it’s just part of the design.
A post on Friday on the Channel 9 site by Frank Swiderski talks about the Threat Modelling tool he has written and mentions his book that has recently been published, co-authored with Window Snyder. See his video here. I can’t comment on the book as my copy is still in the post, but it’s a must for anyone interested in the subject of building secure systems! The tool is pretty cool and helps with the modelling process, using threat trees, integrating with diagrams from Visio and will also output a few report.
For all the appropriate links to stuff about Threat Modelling, go here:
http://msdn.microsoft.com/security/securecode/threatmodeling/default.aspx
Mike
PS in the UK we do indeed spell modelling with 2 ‘l’s!