Secure Coding mailing list archives
differences between Threat Analysis and Threat Modeling
From: shollatz at d.umn.edu (scott hollatz)
Date: Wed, 14 Feb 2007 16:28:36 -0600 (CST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi Ken, I am currently researching the differences between Threat Analysis and Threat Modeling. I thought your readers on the mailing list may give me a clearer distinction. How I understand it is that *both* identify security threats, determine risk, and create the right countermeasures by analyzing various types of documentation about the system and looking for vulnerabilities and/or areas of weakness. *Threat Analysis* ? is more *informal* way of 'eyeballing' system architecture and application design. *Threat Modeling* [Microsoft SDL] ? more *formal*, every requirement is modeled and scrutinized. Any additional help you or your readers can provide would be appreciated.
I come from a mathematical modeling background, so my opinion may be skewed a little, but: analysis leads to a model which can be used in analysis - -- scott hollatz net shollatz at d.UMn.eDu information technology systems and services tel +1 218 726 8851 university of minnesota duluth mn usa fax +1 218 726 7674 -- "Asn aD ta zlAp em uT zt33rg" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (SunOS) iD8DBQFF040Z4og1WWfEVRsRAvd2AJ9P0pjcpsbgO0SWphxvL2PRTAaEYwCfeo6Z AqFy9OLNnUbd5DOYRcwKaws= =RyHS -----END PGP SIGNATURE-----
Current thread:
- differences between Threat Analysis and Threat Modeling Jason Grembi (Feb 14)
- differences between Threat Analysis and Threat Modeling scott hollatz (Feb 14)
- differences between Threat Analysis and Threat Modeling Benjamin Tomhave (Feb 14)
- differences between Threat Analysis and Threat Modeling Paco Hope (Feb 22)