Experiences Threat Modeling At Microsoft

Adam Shostack here.  Last weekend, I was at a Security Modeling Workshop, where I presented a paper on “Experiences Threat Modeling at Microsoft,” which readers of this blog might enjoy.  So please, enjoy!

And while I’m at it, I wanted to draw attention to some of the other presentations that I thought were very interesting, including one by Karine Peralta “Specifying Security Aspects in UML Models” and “Curriculum for Modelling Security: Experiences and Lessons Learned.”