Threat modeling is something that probably should be done whenever developing a complex system, especially software, but all too often isn’t. In part this deficiency is caused by lack of knowledge about threat modeling - not many people are talking or writing about it. Much of what is written about threat modeling lacks consistency.
One of the few organizations that writes about threat modeling is Microsoft, but each blog post explaining threat modeling displays significant differences from its peers, an inconsistency probably due to the reality that learning to threat model is an evolutionary process. More disturbingly, their documentation for SDL, which includes sections on threat modeling, lacks cohesion and can cause more confusion as to the goals and processes for threat modeling.
Unsurprisingly, Threat Modeling aims to teach developers the art of threat modeling. And to some extent, it fulfills that goal, by providing a framework to do threat modeling, and exploring good examples of threat models with that framework applied.
Sadly, what Threat Modeling lacks is an updated version. The book is out of print, and dates from 2004. Entire sections are considered no longer applicable by Microsoft, and since this is a Microsoft publication teaching the Microsoft threat modeling approach, the implications are significant. Despite this, Microsoft still seems to continue to use threat modeling, albeit using changing processes.
So, what’s the verdict? Well, Threat Modeling is worth the money if you have a limited budget and no experience with threat modeling. Otherwise its probably better to hire someone onto the team (or to train the team) with experience in threat modeling. I plan to continue researching threat modeling, and risk assessment in general, and if and when I find a better source I’ll be sure to update you.
Threat Modeling can be found through third party sellers at amazon.com.