Revised Threat Modeling
During the last three years I have been working with clients and speaking at industry Security events on threat modeling. Threat Modeling was introduced at Microsoft during the development of Windows Server 2003 as a major component to the Microsoft Security Lifecycle for application development. Over the last few years we have made some significant changes to improve the process based upon the experiences within Microsoft and those of our clients.
Recently, I presented the revised threat modeling process at the West Coast Security Forum on November 14th, 2005 in Vancouver, BC.