Sdl Series
December 2008
SDL SERIES, ARTICLE #4
SDL Series - Article #4: Threat Modeling at Microsoft
In this fourth article in the series, we examine how Microsoft uses a technique known as “threat modeling” to detect design issues that could result in product vulnerabilities. Threat modeling is one component of the Microsoft Security Development Lifecycle (SDL).
Content
The Microsoft SDL What is Threat Modeling? A Security Frame of Mind The Threat Modeling Process Mitigating Threats Threat Modeling as a Quality Gate Threat Model Inspection Effectiveness of Threat Modeling Conclusion About the Authors
The Microsoft SDL
Microsoft developed the SDL as a holistic approach, designed to increase the security of products. As shown in figure 1, the SDL infuses the software development lifecycle with training, tools, and techniques designed to reduce the number and severity of vulnerabilities.
Other Papers in the Series
Figure 1: SDL Techniques as part of the Software Development Lifecycle
Article #1: Investigating the SDL at Microsoft Article #2: Security Education at Microsoft
What Is Threat Modeling?
A key component of the Microsoft Security Development Lifecycle (SDL) is threat modeling. Threat modeling, which occurs before coding begins, is performed to ensure that features and functionality are designed with security in mind. SDL program manager Adam Shostack discusses Microsoft’s approach to threat modeling as follows: “We have a very specific set of design analysis techniques that we ask our teams to engage in before coding begins, as part of the security development life
Article #3: The Microsoft Security Org Chart Article #5: Microsoft Security Toolbox Article #6: Microsoft’s Security Response Article #7: Evolution of the Microsoft SDL Article #8: Microsoft SDL Investigation: The Wrap Up
2 cycle. People in the security industry approach threat modeling in many different ways; at Microsoft, we’ve experimented with most of these at different
SDL SERIES, ARTICLE #4
SDL Series - Article #4: Threat Modeling at Microsoft
In this fourth article in the series, we examine how Microsoft uses a technique known as “threat modeling” to detect design issues that could result in product vulnerabilities. Threat modeling is one component of the Microsoft Security Development Lifecycle (SDL).
Content
The Microsoft SDL What is Threat Modeling? A Security Frame of Mind The Threat Modeling Process Mitigating Threats Threat Modeling as a Quality Gate Threat Model Inspection Effectiveness of Threat Modeling Conclusion About the Authors
The Microsoft SDL
Microsoft developed the SDL as a holistic approach, designed to increase the security of products. As shown in figure 1, the SDL infuses the software development lifecycle with training, tools, and techniques designed to reduce the number and severity of vulnerabilities.
Other Papers in the Series
Figure 1: SDL Techniques as part of the Software Development Lifecycle
Article #1: Investigating the SDL at Microsoft Article #2: Security Education at Microsoft
What Is Threat Modeling?
A key component of the Microsoft Security Development Lifecycle (SDL) is threat modeling. Threat modeling, which occurs before coding begins, is performed to ensure that features and functionality are designed with security in mind. SDL program manager Adam Shostack discusses Microsoft’s approach to threat modeling as follows: “We have a very specific set of design analysis techniques that we ask our teams to engage in before coding begins, as part of the security development life
Article #3: The Microsoft Security Org Chart Article #5: Microsoft Security Toolbox Article #6: Microsoft’s Security Response Article #7: Evolution of the Microsoft SDL Article #8: Microsoft SDL Investigation: The Wrap Up
2 cycle. People in the security industry approach threat modeling in many different ways; at Microsoft, we’ve experimented with most of these at different
References: 1 Threat Modeling Tool Demonstration Video: http://download.microsoft.com/download/1/5/0/150636A99EA8-4D00-9E6B-2723F4C188B4/Microsoft SDL Threat Modeling Tool.wmv About the Authors Scott Swigart and Sean Campbell originally began their careers as Developers, DBAs and technical trainers. In 2000, they teamed up and grew a technical consultancy business, which they sold in 2006. Scott and Sean went on to found Cascade Insights, a boutique firm focused on providing technical analysis and strategic insight on emerging and converging technologies, across both closed and open source environments. You can learn more about Scott and Sean at www.cascadeinsights.com as well as at the www.howsoftwareisbuilt.com blog.