Evaluation of Threat Modeling Methodologies
• Poster
This poster illustrates test principles that can help Programs select the most appropriate threat modeling methodologies.
Publisher
Software Engineering Institute
Abstract
Failure to sufficiently identify computer security threats leads to missing security requirements and poor architectural decisions, resulting in vulnerabilities in cyber and cyber-physical systems. This research compares practical threat modeling methods (TMMs) that proactively identify cyber-threats, leading to software requirements and architectural decisions that address the needs of the DoD. The primary result of this project is a set of tested principles that can help programs select the most appropriate TMMs. Using the most appropriate TMMs will result in confidence in the cyber-threats identified, accompanied by evidence of the conditions under which the TMMs are most effective.
Part of a Collection
SEI 2016 Research Review