Wow another Microsoft person that talks about threat modeling. Story from Slashdot.org
IT: Microsoft’s Larry Osterman On Threat Modeling
Posted by ScuttleMonkey on Monday October 01, @12:42PM
from the they-threat-model-at-microsoft dept.Schneier has pointed out an excellent series of blog posts about threat modeling by Microsoft’s Larry Osterman. The series focuses on the PlaySound API as an example. “As you go about filling in the threat model threat list, it’s important to consider the consequences of entering threats and mitigations. While it can be easy to find threats, it is important to realize that all threats have real-world consequences for the development team. At the end of the day, this process is about ensuring that our customer’s machines aren’t compromised. When we’re deciding which threats need mitigation, we concentrate our efforts on those where the attacker can cause real damage.”
As we all know Microsoft would say, “Darn hackers!”