Threat Modeling is a crucial activity for enabling security in the DevOps pipeline. Threat information uncovered, can and should be used to guide security practices in every subsequent phase of the pipeline. The joint Snyk/Puppet 2020 DevSecOps Insights Report highlighted how threat modeling is one of the most impactful activities in terms of security posture.
Unfortunately, traditional methods labor intensive methodologies have caused many organizations to abandon the activity. However, a user story-based approach that focuses on continuous improvement can overcome these challenges and achieve the goals of threat modeling without introducing additional friction. In fact, I'll be sharing practical examples of this in my talk at SnykCon in two weeks.
Get more information and a link to the 2020 DevSecOps Insights report here.