Threat Modeling: Finding Flaws Before Software Goes Live.

Threat Modeling: Finding Flaws Before Software Goes Live.

‍

The idea of building security into new hardware and software products from the outset has gained ground over the last few years.

And the move to "shift left" and introduce security by design has gained ground, following growing concerns about supply chain attacks.

One way to achieve this is through threat modelling. Threat modelling is not, itself, new: Microsoft did pioneering work on it in the Nineties. But it is now being adopted by bodies such as NIST, with the goal of reducing zero-day vulnerabilities.

In this episode of the Security Insights podcast, Stephen de Vries, Co-founder and CEO of IriusRisk, has worked on threat modelling for over a decade. He explains why organisations should add it to their security toolkit.