In the video linked below, I am joined by two cybersecurity experts from Ford Motor Company. We discuss the value that threat modeling brings to DevSecOps by shifting security work left, that is, earlier in the lifecycle. During the discussion I mention drawing a picture of the process under review; that step is explained in more detail in my post about creating a data flow diagram.
Threat modeling is the process of:
- identifying potential threats
- enumerating the risks and consequences if a threat leads to a vulnerability that is then exploited
As with any modeling, there are multiple methods of deriving and categorizing these risks; I often categorize them by Confidentiality, Integrity, and Availability (CIA).
Threat modeling is an invaluable tool for identifying bugs as early in the lifecycle as possible (shifting left), because it is employed in the design phase, before any code is written. With the potential threats and associated risks enumerated, architects and developers can address them during development rather than after release. Infrastructure engineers can also put in compensating controls that lessen the likelihood of a vulnerability being exploited, lessen the impact of an exploit, or both.
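To make the steps above concrete, here is an added example (my own sketch, not anything from the video or from Ford) that treats the data flow diagram as input: each flow that crosses a trust boundary gets one Confidentiality, one Integrity and one Availability threat, each scored as likelihood times impact, and compensating controls then lower those scores. The flows, threat templates, control names and all scores are constructed for illustration.

```python
from dataclasses import dataclass

# Hypothetical threat-model-as-code (added example): raise one C/I/A threat per
# DFD flow crossing a trust boundary, score likelihood x impact, apply controls.
@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    data: str
    crosses_boundary: bool  # True if the flow enters or leaves a trust boundary

@dataclass
class Threat:
    category: str    # "Confidentiality", "Integrity" or "Availability"
    description: str
    likelihood: int  # 1 (rare) .. 5 (expected)
    impact: int      # 1 (negligible) .. 5 (severe)
    def risk(self):
        return self.likelihood * self.impact
# C/I/A threat templates with assumed (constructed) baseline scores.
CIA_TEMPLATES = {
    "Confidentiality": ("{data} read in transit from {src} to {dst}", 4, 4),
    "Integrity": ("{data} altered in transit from {src} to {dst}", 3, 4),
    "Availability": ("{dst} unreachable, {src} cannot deliver {data}", 3, 2),
}
def enumerate_threats(flows):
    # First pass: only flows that cross a trust boundary get C, I and A threats.
    threats = []
    for f in (f for f in flows if f.crosses_boundary):
        for cat, (tmpl, likelihood, impact) in CIA_TEMPLATES.items():
            desc = tmpl.format(src=f.src, dst=f.dst, data=f.data)
            threats.append(Threat(cat, desc, likelihood, impact))
    return threats
# Control -> (category addressed, likelihood cut, impact cut); scores floor at 1.
CONTROLS = {"TLS with pinned CA": ("Confidentiality", 3, 0),
            "Signed payloads": ("Integrity", 2, 1)}
def apply_controls(threats, control_names):
    # Lower the scores of every threat a chosen control addresses, rank by risk.
    for t in threats:
        for cat, dl, di in (CONTROLS[n] for n in control_names):
            if cat == t.category:
                t.likelihood = max(1, t.likelihood - dl)
                t.impact = max(1, t.impact - di)
    return sorted(threats, key=lambda t: t.risk(), reverse=True)

# Constructed sample DFD: browser -> web app -> database / payment provider.
SAMPLE_FLOWS = [Flow("browser", "web app", "login credentials", True),
                Flow("web app", "database", "user records", False),
                Flow("web app", "payment provider", "card tokens", True)]
```

Running `apply_controls(enumerate_threats(SAMPLE_FLOWS), ["TLS with pinned CA", "Signed payloads"])` shows the point of the exercise: once the confidentiality and integrity controls are in place, the availability threats become the highest remaining risk, which tells the infrastructure team where the next compensating control belongs.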
It is generally understood that shifting left is an important way of controlling software costs and producing higher quality. Threat modeling is yet another tool for the toolbox.