« Twitter-enabled Information Disclosure in Sports | Main | Floors and Ceilings »

Comments

Marinus

I agree the primary purpose should be the appropriate selection of controls. Threat modeling is a heuristic nothing more.

Stan

What about code that is already in production? It seems difficult to threat model things that are already running business critical processes.

The comments to this entry are closed.