Threat Modeling: Protecting Our Nation's Complex Software-Intensive Systems
Software Engineering Institute (SEI) Podcast Series · Alex Vesey, Natasha Shevchenko, Tim Chick
Audio is streamed directly from the publisher (traffic.libsyn.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
In response to Executive Order (EO) 14028, Improving the Nation's Cybersecurity, the National Institute of Standards and Technology (NIST) recommended 11 practices for software verification. Threat modeling is at the top of the list. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Natasha Shevchenko and Alex Vesey, both engineers with the SEI's CERT Division, sit down with Timothy Chick, technical manager of CERT's Applied Systems Group, to discuss how threat modeling can be used to protect software-intensive systems from attack. Specifically, they explore how threat models can guide system requirements, system design, and operational choices to identify and mitigate threats.