How Does Threat Modeling Work in Software Development?

Question: How does threat modeling work in software development?

Archie Agarwal, founder and CEO, ThreatModeler: Threat modeling is the process of identifying potential threats and taking action to prevent them. We all do this in some form, from buying a better lock for our new bicycle to putting a PIN on our mobile phone.

In the cycle padlock example, a determination is made as to the value of the bike, the likelihood of theft, and the value of investing in a more robust padlock. This is threat modeling – and it is no different in software development. We look at the threat landscape, assessing the likelihood of attack, the value of the asset, and the path a miscreant would take, and put an appropriate control in place to thwart them.

Threat modeling should be included early in the software development life cycle. Sadly, many security practices are reactive and applied at the end instead. Threat modeling is a proactive security practice and should be part of the secure design initiative. In fact, threat modeling is the primary route to secure design.

The benefits of threat modeling early are many. It is far more challenging and resource-intensive to re-engineer security after the fact than it is to weave it into the design and build from the start. Threat modeling should be a continuous process alongside the development process, not a one-time project.

The truth is, threat modeling is natural to us and highly intuitive and approachable. It should be part of every software development process.