securitytemplates / sectemplates

Open source templates you can use to bootstrap your security programs
https://www.sectemplates.com

Threat modeling #6

Open tuxerrante opened 5 hours ago

tuxerrante commented 5 hours ago

Hi, do you plan on adding a threat modeling (STRIDE, PASTA, cloud native...) chapter in the vulnerability management section?

I would expect it as the first step in proactive risk management, since it could then be referenced from the following section about evaluating risk severity (which, to me, seems to not make clear enough the difference between vulnerability evaluation and risk evaluation).

Thanks

securitytemplates commented 5 hours ago

I wasn't planning on mentioning threat modeling frameworks for managing vulnerabilities. They are related, but different.

I am slowly working on a security design review/threat modeling program pack in which I will mention them. Personally, I don't use STRIDE/PASTA and most people I know doing threat modeling aren't using it either.