

SE Radio 648: Matthew Adams on AI Threat Modeling and Stride GPT
Dec 27, 2024
Matthew Adams, Head of Security Enablement at Citi, dives into the revolutionary role of large language models, and tools built on them like Stride GPT, in threat modeling. He shares insights on the STRIDE methodology and the historical context of security frameworks. The conversation explores practical applications in web development, the need for contextual judgment in security measures, and overcoming challenges like AI hallucinations. Adams also discusses empowering small businesses through open-source tools and highlights the transformative potential of AI in incident response.
Threat Modeling Explained
- Threat modeling involves identifying potential security risks and vulnerabilities in systems.
- It's about understanding what can go wrong and finding ways to prevent or mitigate those issues.
Smart Metering Program
- Matthew Adams worked as a security consultant for the UK's smart metering program.
- Threat modeling was crucial because the cost of design flaws in millions of home metering devices could have been billions of pounds.
Cost of Threat Modeling
- Threat modeling is beneficial, but there's a cost-benefit analysis involved.
- While ideal for all tech systems, it's currently cost-prohibitive for most due to the expertise required.