Threat Modeling

by Izar Tarandach, Matthew J. Coles
November 2020
Content level: Beginner
249 pages
7h 7m
English
O'Reilly Media, Inc.

Chapter 5. Continuous Threat Modeling

“Who are you?” said the Caterpillar.

This was not an encouraging opening for a conversation.

Alice replied, rather shyly, “I—I hardly know, Sir, just at present—at least I know who I was when I got up this morning, but I think I must have been changed several times since then.”

“What do you mean by that?” said the Caterpillar, sternly. “Explain yourself!”

“I can’t explain myself, I’m afraid, Sir,” said Alice, “because I am not myself, you see.”

Lewis Carroll, Alice in Wonderland

This chapter introduces you to the process of continuous threat modeling. We also present one implementation and describe the results of using this methodology in the real world.

Why Continuous Threat Modeling?

Chapter 3 covered various threat modeling methodologies and pointed out some of their advantages and shortcomings from our experience. When we discussed the parameters used to “grade” those methodologies, you may have noticed that we were leaning heavily toward what, for lack of a better label, we all call Agile Development.

What we mean by this is any of the existing development technologies that stray away from the waterfall model (whereby a design is first developed, then implemented and tested, with no further modification until the next iteration of the system). We are also talking about those systems that get DevOps’ed a thousand times a day, with developers making frequent changes in their constant drive for improvement. How does threat ...

ISBN: 9781492056546