What threat modeling methodology most aligns with your threat modeling beliefs? STRIDE, PASTA, OCTAVE, VAST, other?
For me, I think a hybrid approach that centers around the VAST methodology most closely aligns with how I like to approach threat modeling. I favor VAST because it focuses on the entire SDLC lifecycle and supports a scalable solution. The 3 pillars of VAST are automation, integration, and collaboration. Using VAST, you can create a holistic view of the entire attack surface, which enables enterprises to minimize their overall risk.
What is your approach to threat modeling?