Page 117 - Cyber Defense eMagazine September 2022

Threat Modeling: Bridging the Gap Between Developers and Security Architects

            By Stephen de Vries, Co-Founder and CEO of IriusRisk


            The application security world is known for friction between security and development teams. However,
            this tension can be eradicated through a development security strategy that brings developers and
            security architects together: threat modeling.



            Protection before it’s too late

            Threat modeling is the act of conducting security analysis before a system is finalised, or even built, to
            detect weaknesses and vulnerabilities in the design of the system and to plan for mitigating insecure
            design. It’s looking left and right on the street before crossing, rather than checking for cars when you’re
            in the middle of the road – looking for threats is better done sooner rather than later.

            Threat modeling is traditionally done manually using a whiteboard, run as a workshop where
            security experts show the product team which practices to avoid or embrace to enhance security. It can




            Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.