Tactical Threat Modeling


The Software Assurance Forum for Excellence in Code (SAFECode) is a non-profit organization exclusively dedicated to increasing trust in information and communications technology products and
services through the advancement of effective software assurance methods. SAFECode is a global,
industry-led effort to identify and promote best practices for developing and delivering more secure and
reliable software, hardware and services.
This document, in addition to the online training provided by SAFECode (https://training.safecode.org/),
will provide guidance about the process of threat modeling as well as the “generic” framework in which a
successful threat-modeling effort can be conducted. We will suggest basic approaches and more
extensive sources for developing your own workflow. Moreover, we will address issues less explored in
the literature, such as team composition, scaling the effort, threat modeling in Agile environments, and


Leave a Reply

Your email address will not be published. Required fields are marked *