ThreadFix is currently optimized to help with vulnerability management: importing vulnerability data from various sources, performing triage on the imported vulnerabilities, and then communicating the triaged vulnerabilities to the tools that developers use for resolution. Some organizations have also been using ThreadFix to help track their threat modeling programs. By using some of ThreadFix’s capabilities in a slightly different way, it is possible to centralize both threat and vulnerability tracking inside of ThreadFix. Most of the organizations we work with that use ThreadFix to track threats and threat models use some variant of the Microsoft style of threat modeling, which relies on Yourdon-DeMarco data flow diagrams and the STRIDE threat classification taxonomy. Some of them are even using Microsoft’s Threat Modeling Tool.