About Show #407
How do you look at the potential security threats in your organization? Richard talks to Robert Hurlbut about threat modeling. Robert starts out talking about how we all threat model in our day-to-day lives; after all, we put locks on doors and windows for a reason. But when applied to technology, things get more complex. Are you resisting specific attacks or casual hackers? How much security is enough? Robert references the book Threat Modeling by Adam Shostack and the acronym STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service and Elevation) as an approach to planning the overall threat models for your software, systems and organization.