Open tuxerrante opened 2 weeks ago
I wasn't planning on mentioning threat modeling frameworks for managing vulnerabilities. They are related, but different.
I am slowly working on a security design review/threat modeling program pack in which I will mention them. Personally, I don't use STRIDE/PASTA and most people I know doing threat modeling aren't using them either.
Hi, do you plan on adding a threat modeling (STRIDE, PASTA, cloud native...) chapter in the vulnerability management section?
I would expect it as the first step in proactive risk management, since it could then be referenced from the following section about evaluating risk severity (which, to me, seems to not make clear enough the difference between vulnerability evaluation and risk evaluation).
Thanks