threat-modelThe term “one size fits all” has been used for over five decades to describe a method that will work under any circumstance. In theory, the concept sounds great—in reality, not so much.

When it comes to threat modeling, tailor-made solutions are an absolute must. If one has a cookie-cutter approach to mitigating vulnerabilities, he/she is a sure to fail.

Flexibility is the key, says Dark Reading’s Peleus Uhley, a Lead Security Strategist for Adobe. He offers the following advice for deconstructing threat models in his latest article:

Having a threat model for an application can be beneficial in controlling both high-level (who/why) and low-level threats (how/what). The reality is that many companies have gotten away from traditional threat models. Keeping a threat model up-to-date can take a lot of effort in a rapid development environment.

Unfortunately, there is not a one-size-fits-all solution to this problem. The best approach has been to try and keep the spirit of threat modeling, while being flexible on the implementation:

  • There should be a general high-level threat model for each overall application. This method ensures everyone is headed in the same direction, and it can be updated as needed for major changes to the application. A high-level threat model is good for sharing with customers, helping new hires understand the security design of the application, and serve as a reference for the security team.
  • Threat models don’t have to be documented in the traditional threat model format. The goal of a threat model is to document risks and formulate plans to address them. For individual features, this can be a simple paragraph that everyone can understand. Even writing, “this feature has no security implications,” is informative.
  • Put the information where developers are most likely to find it. The threat information can be included directly in the specs, in the code comments or with threat unit tests. This can help eliminate cross-referencing issues when formal threat models exist as completely separate documents.

For more advice on threat modeling, read the full Dark Reading article.

IT SECURITY SUPPORT: Blue Mountain Data Systems provides IT Security Support Services for Federal Civilian Agencies. Looking to find Vulnerability Scanning and Testing, Penetration Testing, Risk Assessment & FISMA Reporting for your Federal Agency? Call Paul Vesely at 703-502-3416.

Threat Model Deconstruction

Leave a Reply