January 2023
Intermediate to advanced
214 pages
3h 43m
Chinese
Content preview from 威胁建模:安全设计中的风险识别和规避
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
157
第 5 章
持续威胁建模
“你是谁?”卡特彼勒说。
这可不是一个令人鼓舞的对话开场白。
爱丽丝颇为害羞地回答:“先生,我几乎不知道,至少今天早上起床时我还知道
自己是谁,但自那时起我肯定变了好几次。”
“你是什么意思?”卡特彼勒严厉地说,“自己解释!”
“很抱歉,先生,我无法解释自己,”爱丽丝说,“你知道,因为我不是我自己。”
—
路易斯·卡罗尔(Lewis Carroll),《爱丽丝梦游仙境》
本章将介绍连续威胁建模的过程。我们还将介绍一种实现,并描述在现实世界
中使用此方法的结果。
5.1 为什么要进行持续威胁建模
第 3 章介绍了各种威胁建模方法论,并指出了它们的优点和缺点。当我们讨论
用于对这些方法论进行“评级”的参数时,你可能已经注意到,由于缺乏更好
的标签,我们一直倾向于称其为敏捷开发。
我们的意思是指偏离瀑布模型(首先开发设计,然后实施和测试设计,直到系
统下一次迭代时才进行修改)的现有开发技术。我们还谈论那些每天使 DevOps
获得 1000 次更新的系统,而开发者在不断改进的过程中会频繁更改。威胁建模
如何在这些环境中生存和发展而又不减慢所有人的速度呢?
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.