Is next-gen threat modeling even about threats?

2022-03-28 06:00

Many experts attempt to use traditional threat modeling as their first line of business to address security in the SDLC. But what if everyone is doing threat modeling wrong?

The industry standard for how we conduct threat modeling today evolved from past meetings where security professionals piled into a conference room and brainstormed potential threats that might affect their software.

With the development of DevSecOps, modern threat modeling is less focused on detailed analysis of complex threat scenarios.

Modern threat modeling through DevSecOps provides superior results because threat prevention starts from the ground up.

During the early days of threat modeling, the time-consuming and waterfall-style of threat modeling meant that it was performed at a limited scale and rarely kept current.

Which raises the question: If modern threat modeling is not the same as classical threat modeling, why call it threat modeling at all?

News URL

https://www.helpnetsecurity.com/2022/03/28/modern-threat-modeling/

#nextgen #threat #threatmodeling