Adam Shostack -- Fast, cheap and good threat models
The Application Security Podcast
00:00
Is There a Connection Between Threat Modelling and a Questionaire?
i can see a threat bug being what i did i pu put a different machine name into the d n s, put lo characters into the source code. And so what happened? The impact of the threat what were what i think we should do about it is some mitigation. So let'slet men change our direction just a tiny bit. When you start thinking about a questioner as a threat model, you get into the space of evaluating that method of threat modelling against other processes for threat modelling and asking if they're fast and cheap enough to produce quality results.
Transcript
Play full episode
