Threat modelling: finding flaws before software goes live

November 3, 2021 admin

Is software secure enough? Or are developers leaving the door open to criminal hackers?

Testing applications for security flaws is time consuming and expensive. And it is not always effective, as the number of zero-day vulnerabilities found in code shows.

The idea of building security in to new hardware and software products from the outset has gained ground over the last few years.

And the move to “shift left” and introduce security by design has gained ground, following growing concerns about supply chain attacks.

One way to achieve this is through threat modelling. Threat modelling is not, itself, new: Microsoft did pioneering work on the technique in the Nineties.

But it is now being adopted by bodies such as NIST, though its code verification standard, with the goal of reducing zero days.

Our guest in this episode is Stephen de Vries, co-founder and CEO of IriusRisk. De Vries has worked on threat modelling for over a decade. He explains why organisations should add it to their security toolkit.

IriusRisk co-founder Stephen de Vries

Featured image by Benjamin Nelan from Pixabay

Related Articles

Stylised world map with computer code
podcast

DDoS: attacks on the rise?

March 31, 2022 admin

DDoS, or distributed denial of service attacks, continue to plague organisations operating online. Attacks are up 14 per cent on 2019’s figures, according to research by security firm NETSCOUT.  And DDoS attacks are becoming more […]