Skip to Content
Threat Modeling
book

Threat Modeling

by Izar Tarandach, Matthew J. Coles
November 2020
Beginner
249 pages
7h 7m
English
O'Reilly Media, Inc.
Content preview from Threat Modeling

Chapter 5. Continuous Threat Modeling

“Who are you?” said the Caterpillar.

This was not an encouraging opening for a conversation.

Alice replied, rather shyly, “I—I hardly know, Sir, just at present—at least I know who I was when I got up this morning, but I think I must have been changed several times since then.”

“What do you mean by that?” said the Caterpillar, sternly. “Explain yourself!”

“I can’t explain myself, I’m afraid, Sir,” said Alice, “because I am not myself, you see.”

Lewis Carroll, Alice in Wonderland

This chapter introduces you to the process of continuous threat modeling. We also present one implementation, and describe the results from use of this methodology in the real world.

Why Continuous Threat Modeling?

Chapter 3 covered various threat modeling methodologies and pointed out some of their advantages and shortcomings from our experience. When we discussed the parameters used to “grade” those methodologies, you may have noticed that we were leaning heavily toward, for the lack of a better label, something we all call Agile Development.

What we mean by this is any of the existing development technologies that stray away from the waterfall model (whereby a design is first developed, then implemented and tested, with no further modification until the next iteration of the system). We are also talking about those systems that get DevOps’ed a thousand times a day, with developers making frequent changes in their constant drive to improvement. How does threat ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

AirBnbBlueOriginElectronic ArtsHomeDepotNasdaqRakutenTata Consultancy Services

QuotationMarkO’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.
Julian F.
Head of Cybersecurity
QuotationMarkI wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.
Addison B.
Field Engineer
QuotationMarkI’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.
Amir M.
Data Platform Tech Lead
QuotationMarkI'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Mark W.
Embedded Software Engineer

You might also like

Threat Modeling

Threat Modeling

Adam Shostack
An Illustrated Guide to AI Agents

An Illustrated Guide to AI Agents

Maarten Grootendorst, Jay Alammar
AI Engineering

AI Engineering

Chip Huyen

Publisher Resources

ISBN: 9781492056546Errata Page