Chapter 5. Continuous Threat Modeling
“Who are you?” said the Caterpillar.
This was not an encouraging opening for a conversation.
Alice replied, rather shyly, “I—I hardly know, Sir, just at present—at least I know who I was when I got up this morning, but I think I must have been changed several times since then.”
“What do you mean by that?” said the Caterpillar, sternly. “Explain yourself!”
“I can’t explain myself, I’m afraid, Sir,” said Alice, “because I am not myself, you see.”
Lewis Carroll, Alice in Wonderland
This chapter introduces you to the process of continuous threat modeling. We also present one implementation, and describe the results from use of this methodology in the real world.
Why Continuous Threat Modeling?
Chapter 3 covered various threat modeling methodologies and pointed out some of their advantages and shortcomings from our experience. When we discussed the parameters used to “grade” those methodologies, you may have noticed that we were leaning heavily toward, for the lack of a better label, something we all call Agile Development.
What we mean by this is any of the existing development technologies that stray away from the waterfall model (whereby a design is first developed, then implemented and tested, with no further modification until the next iteration of the system). We are also talking about those systems that get DevOps’ed a thousand times a day, with developers making frequent changes in their constant drive to improvement. How does threat ...
Get Threat Modeling now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.