Modelling Threats Out In The Open (Source)Security
Tuesday February 7th, 4:00pm-4:30pm GMT
Churchill, Ground floor
Secure development is hard. Throughout the entire development of an open source project, security needs to be top of mind due to a potential myriad threats. Security matrices backed by a comprehensive threat model may be required, so that the threats of a system can be evaluated. Card games using STRIDE are great when your project has a large core team, but what if you only have a couple of people? What if your threats are better served by DREAD, PASTA or LINDDUN? What even are these acronyms?! Arrgggh! This talk will explore how to make threat modelling easier for developers through an open source tool, Threagile. Equipping yourself with a better understanding of these models will enable you to pinpoint threats before review.
Dan Conn likes to sit in the point between cybersecurity and development and has worked in small startups, large corporates and many in between. He has catered for clients both public and private sector from SME size to enterprise, and is now a Developer Advocate for Sonatype.
When not coding, hacking, or talking about these things… you can find Dan running, skateboarding, DJing or making music!