Threat Modeling Framework
Most organizations struggle when it comes to identifying the risks associated with their software products, mainly due to a lack of proper framework being utilized. While there are many threat modeling frameworks in the market since late 90's (main one being STRIDE, adopted by Microsoft), the challenge is two-fold:
- the frameworks are too broad and without hand-holding by experts, cannot generate meaningful action items to close gaps.
- the technology landscape, particularly related to cloud, is moving very fast and the frameworks have been left behind. A proprietary framework fills this gap, addressing the need for small businesses and start-ups developing software to understand clearly the unaddressed threats in their respective context without much external help.