Now that DevSecOps has addressed the challenge of integrating security into agile project methods and DevOps processes, the next integration problem is right around the corner: threat modeling!
If we can build our software reliably, reproducibly and quickly at any time using pipeline-as-code and have now also automated security scans using suitable tools, how can we also quickly capture the risk landscape of our projects?
Traditionally, this happens in elaborate workshops with a lot of discussion and modeling work on the whiteboard. These events are useful and important, because only at this depth can some threats in an architecture be detected in time. It’s just a pity that it usually stops there: instead of a living model, a slowly but surely eroding artifact emerges.
To counteract this decay, something continuous is needed, something like “Threat-Model-as-Code” in the DevSecOps sense. See the ideas behind this approach in this talk: Agile and developer-friendly threat modeling directly from the IDE, fittingly with a live demo using open source tools.
The result? Models that are editable in developer IDEs and diffable in Git, risks derived automatically from rules, and generated graphical charts and reports with mitigation measures. The architecture is changing? A fresh run provides the current risk view …
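To make the idea of rule-derived risks concrete, here is an added sketch; it is not code from the talk or from the tools it demonstrates. The model layout, rule names and risk ids are all hypothetical and constructed for illustration.

```python
# Constructed model: in practice this would be a YAML/JSON file kept in Git.
MODEL = {
    "assets": {
        "web-app": {"internet_facing": True, "sensitive_data": False},
        "customer-db": {"internet_facing": False, "sensitive_data": True,
                        "encrypted_at_rest": False},
    },
    "links": [
        {"source": "web-app", "target": "customer-db",
         "encrypted": False, "authenticated": True},
    ],
}

# Each rule yields (risk_id, mitigation) pairs; rule names are hypothetical.
def unencrypted_communication(model):
    for link in model["links"]:
        if not link["encrypted"]:
            yield (f"unencrypted-communication@{link['source']}>{link['target']}",
                   "Encrypt the link in transit")

def unencrypted_sensitive_asset(model):
    for name, asset in model["assets"].items():
        if asset["sensitive_data"] and not asset.get("encrypted_at_rest", False):
            yield (f"unencrypted-asset@{name}", "Enable encryption at rest")

def unauthenticated_access_from_internet(model):
    for link in model["links"]:
        source = model["assets"][link["source"]]
        if source["internet_facing"] and not link["authenticated"]:
            yield (f"missing-authentication@{link['source']}>{link['target']}",
                   "Authenticate callers on this link")

RULES = [unencrypted_communication, unencrypted_sensitive_asset,
         unauthenticated_access_from_internet]

def derive_risks(model):
    """Run every rule; sorted output keeps the report stable for diffing."""
    return sorted(risk for rule in RULES for risk in rule(model))

def risk_delta(old_model, new_model):
    """Return (resolved, introduced) risk ids between two model versions."""
    old = {rid for rid, _ in derive_risks(old_model)}
    new = {rid for rid, _ in derive_risks(new_model)}
    return sorted(old - new), sorted(new - old)
```

Running `risk_delta` on the model before and after a commit gives the kind of check a pipeline could use to flag architecture changes that introduce new risks.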