Rolling Up an Application Decomposition

Many teams perform their threat-modeling analysis at different levels: some at the feature level and some at the subcomponent level. Eventually these analyses need to be rolled up into a single analysis diagram to better capture the privacy risks that present themselves across the entire component. The question is how to do this effectively. It is not a simple matter of combining the diagrams; they will often overlap or be inconsistent, because features or subcomponents may be designed without awareness of what the entire component looks like. It is the job of the privacy lead, with assistance from the feature team, to reconcile the individual subcomponent diagrams into a single component diagram.

When ...
