Is next-gen threat modeling even about threats?


The threat landscape evolves with technology, and as threats grow in sophistication, there are concerns about major events like the Colonial Pipeline ransomware attack or the Equifax breach repeating themselves elsewhere. While mainstream media focuses on operational cybersecurity, intelligent application firewalls, and other defensive and reactive solutions, the 2021 Verizon Data Breach Investigation Report suggests that insecure code and configuration in software is the root cause that needs to be addressed.

To address the challenges of insecure software development and deployment, the industry is moving to bake security into the software development life cycle (SDLC). Many experts attempt to use traditional threat modeling as their first line of business to address security in the SDLC.

Read more…