On Threat Modeling

Lately, when the subject about how to actually secure a .NET app or component comes up, a magic phrase is uttered: “threat modeling.” Apparently, this is the thing that tells you how folks could use your well-intentioned code to do bad things. And on a mailing list with a fairly select membership (although not too select — I’m on it : ), the Swiderski, Snyder book Threat Modeling was recommended. And the free threat modeling tool that goes along with the book is hosted right on microsoft.com, which I take as a sign of quality. Model those threats towards a happier, healthier you!

[via Pierre Nallet]