Evolving Threat Modeling for Agility and Business Value

March 15, 2021

Traditional threat modeling approaches are no longer scalable or accurate in an agile, cloud-based, microservices world. How can we evolve threat modeling to fit DevSecOps processes?

Download PDF

Threat modeling represents a plethora of different practices to analyze a system from a security perspective.

In the early days, threat modeling was much simpler and based on systems where threat vectors against the system were well-known. In such cases creating diagrams manually was easier — we had controlled access to the few systems that were available. But in today’s DevSecOps world, things look quite different.

In this whitepaper, we focus on threat modeling from a general perspective, without delving into a specific methodology. The considerations and recommendations collected here should therefore be applicable to most approaches.

Evolving Threat Modeling for Agility and Business Value

Threat Modeling: Finding the Best Approach for Your Organization

The Total Economic Impact Of Security Compass SD Elements

Scale Threat Modeling with SD Elements

Is next-gen threat modeling even about threats?

Threat Modeling Solutions Evaluation Checklist

How to Automate Threat Modeling to Save Time and Money, and Mitigate Risk

What is Threat Modeling?

How To Breathe New Life into Your Security Training Program with Games

Publish-Subscribe Threat Modeling

Survey: The 2021 State of DevSecOps

Cloud Computing Trends: The State of Cloud Adoption in 2021

Secure Development for Developers

Data Flow Diagrams and Threat Modeling

Threat Modeling: An Essential Cornerstone of DevSecOps Culture

Navigating the PCI Software Security Framework (SSF)

Complete Guide to Using SD Elements for Cloud Migration

Challenges With Diagrammatic Threat Modeling

Firmware Security: How to Identify and Prevent Vulnerabilities

A New Approach to Threat Modeling

Best Practices to Ensure Firmware Security