Engineering the Future of Software
November 13–14, 2016: Training
November 14–16, 2016: Tutorials & Conference
San Francisco, CA

Incremental threat modeling: Never try to boil an ocean

2:15pm–3:05pm Tuesday, 11/15/2016
Location: Tower Salon A Level: Intermediate
Average rating: **...
(2.40, 5 ratings)

Prerequisite knowledge

  • A familiarity with software-centric threat modeling concepts and Microsoft's STRIDE methodology

What you'll learn

  • Learn techniques for checking that the current feature under development does not make your security stance worse if the model for the whole system does not exist yet


Threat modeling, a structured method for identifying weaknesses on architectural level, is an invaluable tool for software architects who want to create secure architectures or check existing architectures for security flaws. However, introducing it on existing complex projects requires time that architects and developers may not have, and not every company can afford a Microsoft-style “security push,” where all new development stops in order to focus on security.

Incremental threat modeling that concentrates on current additions and modifications can be time-boxed to fit the tightest of Agile life-cycles and still deliver security benefits. Irene Michlin introduces a technique for performing threat modeling in ongoing projects without a prohibitive initial time investment.

Full disclosure is necessary at this point—threat modeling is not the same as adding tests to the “ball of mud” codebase and eventually getting decent test coverage. You will not be able to get away with doing just incremental modeling—you must tackle the whole architecture at some point. But the good news is that you will approach this point with more mature skills from getting the practice, and you will get a better overall model with less time spent than if you tried to build it upfront.

Photo of Irene Michlin

Irene Michlin


Irene Michlin leads application security competency at IBM Europe. Previously, Irene worked as software engineer, architect, and technical lead at companies ranging from startups to corporate giants. Her professional interests include securing development life-cycles and architectures.