search menu icon-carat-right cmu-wordmark

Evaluation of Threat Modeling Methodologies

November 2016 Presentation
Forrest Shull

The result of this work is a set of test principles that can help Programs select the most appropriate threat modeling methodologies.

Publisher:

Software Engineering Institute

Abstract

Failure to sufficiently identify computer security threats leads to missing security requirements and poor
architectural decisions, resulting in vulnerabilities in cyber and cyber-physical systems. This research compares practical threat modeling methods (TMMs) that proactively identify cyber-threats, leading to software requirements and architectural decisions that address the needs of the DoD.