Good post on Matasano about threat modeling. Cory talks about the deadly sins in web applications, and chief among them are security features, such as crypto, password features, and roles/privileges. This is a good illustration of what I talked about yesterday: the cure is the problem. Security wants simplicity in the systems it protects, but when security proposes solutions like crypto and RBAC, they almost always become among the most complex parts of the system.
This is why I also refine the threat modeling process to make sure people remember to iterate. It's not Software -> Threat Model -> Countermeasures -> Test -> Done. There is at least one more loop in there: threat model the countermeasures you selected, since they are new code with new attack surface of their own.
Wouldn't it be nice to work in a place mature enough to implement ITERATIVE threat modeling and remediation? Most people would be happy just to work in a place that does it once. And I'd be happy to work just about anyplace at this point.
Posted by: Albatross | October 23, 2009 at 05:58 PM
Um, don't ask permission, just do it.
Posted by: Gunnar | October 23, 2009 at 06:00 PM