About Show #407
How do you look at the potential security threats in your organization? Richard talks to Robert Hurlbut about threat modeling. Robert starts out talking about how we all threat model in our day-to-day lives; after all, we put locks on doors and windows for a reason. But when applied to technology, things get more complex. Are you resisting specific attacks or casual hackers? How much security is enough? Robert references the book Threat Modeling by Adam Shostack and the acronym STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service and Elevation) as an approach to planning the overall threat models for your software, systems and organization.
Robert Hurlbut is an independent consultant based in Massachusetts and Connecticut. Robert specializes in software security and software architecture. He is a past Microsoft MVP in Developer Security (2005-2009), speaks at national and international conferences, code camps, and user groups, and provides training to clients. He has led the Boston .NET Architecture Group for ten years. He is currently working on his first Pluralsight course on Threat Modeling. You can follow Robert on his web site at roberthurlbut.com, on his blog, and on Twitter, where he talks about secure design, secure development, and architecture.