Home / Companies / GitHub / Blog / Post Details
Content Deep Dive

How we threat model

Blog post from GitHub

Post Details
Company
Date Published
Author
Robert Reichel
Word Count
1,259
Company Posts That Month
26
Language
English
Hacker News Points
-
Post removed?
No
Summary

At GitHub, threat modeling is a critical process that fosters collaboration between security and engineering teams to enhance system security. This practice involves structured discussions to identify potential vulnerabilities and devise mitigation strategies, which are prioritized due to resource constraints. Regular threat modeling sessions are integrated into the development lifecycle, often using tools like Microsoft's Threat Modeling Tool or OWASP's Threat Dragon, and follow a framework such as Microsoft's STRIDE model to address various vulnerability classes. As threat modeling has matured at GitHub, it has led to system-wide security improvements, proactive design guidance, and enhanced communication between teams, ultimately promoting a security-minded culture. This approach encourages early engagement with security teams, allowing for better anticipation of potential issues and fostering secure design principles before product deployment.

Trends Found in this Post

No tracked trend matches for this post yet.

Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.