Geeks With Blogs
ex-blog Information security world

Dana Epp posted review of Threat Modeling by Frank Swiderski:

If I could sum up the book in a single sentence it would be something like, "Frank took the ball from Michael in Writing Secure Code (WSC) and ran with it to the goal line." This book picks up where Michael left off, and completes the picture of threat modeling in greater depth. But you would have to expect that. The threat modeling process is evolving at Microsoft and the snap shot we see in this book is knowledge improved upon since the release of WSC. Actually, you will notice a big difference between v1 and v2 of WSC, and this step was logical in the new book.

[Update 02/08/2005] Peter Torr (from SWI team) posted invaluable High-Level Threat Modelling Process document.

[Update 02/24/2005] and he has done it again ;-) and has written a great article on practicle threat modeling.

Posted on Wednesday, August 4, 2004 9:44 AM Security | Back to top

Copyright © John Doe | Powered by: