Page 119 - Cyber Defense eMagazine September 2022
P. 119
What’s next for threat modeling?
Threat modeling is already part of the development process in many businesses and we’ll continue to
see it grow and become a common industry practice. Beyond threat modeling for security issues and
cyber attacks on the system, we will see it be applied to prevent conflict, trolling, bullying and even AI
biases. In the future we will have a more integrated security process that will give development teams a
chance to think about the implications of the decisions they are making for user’s security inside and
outside the platform.
We will continue to see threat modeling develop to become as frictionless and easy to implement as
possible, even as a company grows and the technology is used at scale across a product portfolio. More
and more organisations are integrating threat modeling with their existing tool kit, which works around
standard developer flows.
The current momentum around threat modeling is not just a trend. As more businesses adopt threat
modeling as a practice and the security and financial benefits become more obvious, it will evolve from
a ‘nice to have’ to a must in application and software development, bringing engineering and security
teams closer together and helping businesses scale securely.
About the Author
Stephen de Vries is the Co-Founder and CEO of IriusRisk. He
has a diverse technology background starting as a software
developer, firewall engineer, penetration tester and software
security consultant. Stephen has over 20 years’ experience in
information security; the last six dedicated to building a threat
modeling platform. He was a founding leader of the OWASP
Java Project and contributor to OWASP ASVS and Testing
projects, and contributor to the Threat Modeling Manifesto.
Stephen can be reached online at @stephendv and at
www.iriusrisk.com
Cyber Defense eMagazine – September 2022 Edition 119
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.