The cultural divide between application security and developer teams is well known. But threat modeling offers a new strategy to bring these teams together and achieve business benefits. Panelists from ServiceNow and IriusRisk discuss the road map.In this video interview with Information Security Media Group, the panel discusses:
- ServiceNow's threat modeling journey;
- Business benefits achieved through collaboration;
- The future of threat modeling for applications.
Participating in this discussion are:
- Steve Springett, senior manager - product security, ServiceNow
- Stephen De Vries, co-founder and chief executive officer, IriusRisk
- Adam Shostack, president, Shostack and Associates.
Fill out the form to access the recording and full written transcript.
Springett educates teams on the strategy and specifics of developing secure software. He practices security at every stage of the development life cycle by leading sessions on threat modeling, secure architecture and design, static/dynamic/component analysis, offensive research, and defensive programming techniques.
De Vries started his career as a C, C++ and Java developer before moving into software security. He’s an active contributor to a number of OWASP projects and has helped FTSE 100 companies to build security into their development processes through threat modeling and integrated security testing.
Shostack is a leading expert on threat modeling and has been on IriusRisk’s technical advisory board since its inception. He currently helps organizations improve their security via Shostack and Associates and offers industry-leading threat modeling training. While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the "Elevation of Privilege" game. Shostack is the author of "Threat Modeling: Designing for Security" and the co-author of "The New School of Information Security."
This webinar took place on 20th December 2021.
Bringing you the latest on all things threat modeling and architectural security.