WebApp Sec mailing list archives

RE: Threat Modelling

From: "Runion Mark A FGA DOIM WEBMASTER(ctr)" <mark.runion () us army mil>
Date: Mon, 24 May 2004 17:13:12 -0000

Interesting discussion and I would agree.  There is no single tool that can
or will be able to operate on the high or low level of risk assessment or IT
and Network Security.  However, have you considered that this is why there
exists a job field called IT and Network Security Specialist, and one of
their primary tasks is Risk Assessments.  If you really need this job done
rather than buying some incomplete tool...how about hiring a person whom is
trained and has experience in precisely this.

Not doing so and trusting to tools or wizards is like asking if Microsoft
has created a wizard to replace a programming team.  But can't we just pay
you for a wizard that will replace 10 programmers?  The devil is in the
details.  <- Nice quote, thanks.

-
Mark Runion
 

To: webappsec
Subject: RE: Threat Modelling


<snip>

<snip>

Current thread:

RE: Threat Modelling, (continued)
- RE: Threat Modelling brennan stewart (May 22)
  - RE: Threat Modelling Mark Curphey (May 22)
    - Re: Threat Modelling Frank O'Dwyer (May 23)
    - RE: Threat Modelling Mark Curphey (May 23)
    - Re: Threat Modelling Frank O'Dwyer (May 23)
    - RE: Threat Modelling brennan stewart (May 23)
    - Re: Threat Modelling mfranz (May 23)
    - Code Signing Certificate & Chat software george eapen (May 26)
- RE: Threat Modelling Brewis, Mark (May 23)
  - Re: Threat Modelling Frank O'Dwyer (May 25)
- RE: Threat Modelling Runion Mark A FGA DOIM WEBMASTER(ctr) (May 24)
- RE: Threat Modelling Brewis, Mark (May 25)
  - Re: Threat Modelling Frank O'Dwyer (May 25)