During a threat modeling exercise for a large development team, hacker and security advocate Alyssa Miller was floored when a developer commented that it would be great when the team moved to a DevOps software development framework.
The misconception? That threat modeling would no longer be required under an agile software development methodology. Yet the discipline is widely applicable to every aspect of business, including development and DevOps software life cycles, Miller says.
“The attitude of a lot of organizations is that they look at DevOps as incompatible with threat modeling because threat modeling is traditionally seen as this giant, onerous task,” she says. “But if you understand the purpose of threat modeling, you can streamline it and do it in a different way that it fits in DevOps.”
On Nov. 17, Miller and 14…