Threat Modeling at Microsoft

A key component of the Microsoft Security Development Lifecycle (SDL) is threat modeling. Threat modeling, which occurs before coding begins, is performed to ensure that features and functionality are designed with security in mind. SDL program manager Adam Shostack discusses Microsoft's approach to threat modeling as follows: "One has a very specific set of design analysis techniques that the author ask his teams to engage in before coding begins, as part of the security development life cycle. People in the security industry approach threat modeling in many different ways; at Microsoft, they've experimented with most of these at different times. Threat modeling can be a requirement solicitation technique or a design analysis technique, but one often focuses on threat modeling from the perspective of assets."