/continuous-threat-modeling

A Continuous Threat Modeling methodology

OtherNOASSERTION

Continuous Threat Modeling

CTM is Autodesk's threat modeling methodology enabling development teams to perform threat modeling with minimal initial security knowledge and lesser dependency on security experts. It is an evolutionary, dynamic methodology that should mesh well with teams using Agile and evolving system architectures.

Contributing

All manner of contributions are welcome. The methodology is still relatively young, and emphasis has been placed on simplicity, return-on-investment and building a developer-friendly workflow. We are looking for contributions on the security principles, secure development checklist, and community support - as well as win or less-successful cases, improvement and modification suggestions.

Guidelines

  • Changes are welcome via pull request and we look forward to working with you on changes!
  • Use informative commit messages and pull request descriptions.
  • Keep style consistent.
  • Keep things simple. We are aiming for immediate results and a steady learning curve for developers, making every interaction with the methodology smoother and more rewarding (in terms of number and quality of findings) than the previous.
  • Focus on principles. We are not looking at the small feature of that obscure web framework, rather, we are looking at principles that help developers build an over-arching understanding of security.

Background

For background information on how Autodesk uses the Handbook and Checklist for Continuous Threat Modeling, see "Threat Modeling Every Story: Practical Continuous Threat Modeling For Your Team".