Microsoft's Security Engineering group has put together a whitepaper entitled “Experiences Threat Modeling at Microsoft”, offering insight into the security methodologies applied by Microsoft.
“Our current methodology uses the diagrams in a technique we call 'STRIDE per element' to provide guidance for non-experts, as well as repeatability. The technique is based on the observation that the software architecture threats we are concerned with are clustered. The essence of the technique is to note that for each type of element within the Data Flow Diagrams (DFD),” Shostack explained. […]