B-Sides Portland 2011 Presentation
Most secure development lifecycles advocate creating a threat model at design time and updating it as development progresses. If you follow this advice alone, you will do unnecessary work and receive substantially less benefit than your threat model could provide. Instead, start your threat model at requirements time and use it to select and configure all remaining application-specific secure development activities. Depending on your situation, this could allow you to:
Attendees will learn what to put into a threat model when, what to get out of a threat model when, and how a threat model should control and feed information to other secure development practices. Those using Agile development styles will particularly benefit, since a threat-model-driven secure development lifecycle is phase-agnostic.