Synopsis
We are all aware of the importance of threat modelling. While some of us have been emphasising this for quite some time, recent publications from CISA (cough cough Secure-by-Design) and others have started to effectively convey the message, especially to executive leadership. However, the quality of threat models varies widely. What defines a "good" threat model?
The challenges we encounter do not end there. As our products, software, repositories, and engineering teams expand rapidly, the accelerated pace at which we must deliver results diminishes our time and focus. It's a race against time. Yet not all hope is lost: we can draw inspiration from the DevOps/GitOps movement by empowering software and platform engineers to consider risks themselves and to drive significant security enhancements with the same tools, pipelines, and workflows they already use.
This presentation will explore several open-source software (OSS) tools and frameworks, including one developed by the author. It will also provide insights into how you can elevate your secure-by-design initiatives.