“Misconception 1: Threat Modeling Requires Threat Modeling Expertise
It certainly doesn’t hurt to have years of threat modeling experience creating process flow diagrams or data flow diagrams, but it’s no longer necessary.
It’s not feasible to expect developers to also be security mitigation experts. So, for a while, outside expertise was required to do in-house threat modeling. Today, most of the threat modeling expertise is built right into threat modeling tools, making threat modeling just one more part of a developer’s IDE.”
Check out 2 through 7 on our blog here. Number 5 will shock you! (I couldn’t resist the clickbait CTA 😀)
Do any of these misconceptions resonate with you? Have they held you back from starting a threat modeling project?