How we threat model
Blog post from GitHub
At GitHub, threat modeling is a critical process that fosters collaboration between security and engineering teams to enhance system security. This practice involves structured discussions to identify potential vulnerabilities and devise mitigation strategies, which are prioritized due to resource constraints. Regular threat modeling sessions are integrated into the development lifecycle, often using tools like Microsoft's Threat Modeling Tool or OWASP's Threat Dragon, and follow a framework such as Microsoft's STRIDE model to address various vulnerability classes. As threat modeling has matured at GitHub, it has led to system-wide security improvements, proactive design guidance, and enhanced communication between teams, ultimately promoting a security-minded culture. This approach encourages early engagement with security teams, allowing for better anticipation of potential issues and fostering secure design principles before product deployment.
No tracked trend matches for this post yet.
Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.