Analyst Report
SDL Series - Article #4: Threat Modeling at Microsoft
Published: 12/24/2008
This article is the fourth in the "SDL series" – a set of 8 articles investigating the Microsoft Security Development Lifecycle. In this series, through extensive interviews and research, the authors pull back the covers on Microsoft's Security Development Lifecycle- a development practice upon which millions of users (and billions of dollars) depend.

Summary
Security doesn't start with coding, it starts with secure design.  In this article, you'll see how Microsoft uses threat modeling to ensure secure design and prevent vulnerabilities that could not be fixed with simple coding changes.
Included in this document
  • The Microsoft SDL
  • What is Threat Modeling?
  • A Security Frame of Mind
  • The Threat Modeling Process
  • Mitigating Threats
  • Threat Modeling as a Quality Gate
  • Threat Model Inspection
  • Effectiveness of Threat Modeling
  • Conclusion
  • About the Authors