Enable javascript in your browser for better experience. Need to know to enable it? Go here.
本页面中的信息并不完全以您的首选语言展示,我们正在完善其他语言版本。想要以您的首选语言了解相关信息,可以点击这里下载PDF。
更新于 : Oct 26, 2022
Oct 2022
采纳 ? 我们强烈建议业界采用这些技术,我们将会在任何合适的项目中使用它们。

我们继续推荐团队实施威胁建模——一系列有助于在开发过程中发现潜在威胁并对其进行分类的技术——但是我们想要强调的是,这件事不是只在项目开始时做一次就能一劳永逸的,团队需要避免 security sandwich 现象。这是因为,在任何软件的整个生命周期中,由于外部事件以及需求和架构的调整,可能会出现新的威胁,而现有的威胁将继续发展。这就意味着,威胁建模需要定期重复——重复的频率视情况而定,需要综合考虑诸多因素,例如执行的成本和对业务的潜在风险等。如果结合其他技术使用,例如建立跨功能的安全需求来发现项目所采用的技术有什么公共风险,以及使用自动化安全扫描,这时威胁建模将变得非常有用处。

Nov 2016
采纳 ? 我们强烈建议业界采用这些技术,我们将会在任何合适的项目中使用它们。

With the number of high-profile security breaches in the past months, software development teams no longer need convincing that they must place an emphasis on writing secure software and dealing with their users' data in a responsible way. The teams face a steep learning curve, though, and the vast number of potential threats—ranging from organized crime and government spying to teenagers who attack systems "for the lulz"—can be overwhelming. Threat Modeling provides a set of techniques that help you identify and classify potential threats early in the development process. It is important to understand that it is only part of a strategy to stay ahead of threats. When used in conjunction with techniques such as establishing cross-functional security requirements to address common risks in the technologies a project uses and using automated security scanners, threat modeling can be a powerful asset.

Apr 2016
采纳 ? 我们强烈建议业界采用这些技术,我们将会在任何合适的项目中使用它们。
Nov 2015
采纳 ? 我们强烈建议业界采用这些技术,我们将会在任何合适的项目中使用它们。

With the number of high-profile security breaches in the past months, software development teams no longer need convincing that they must place an emphasis on writing secure software and dealing with their users’ data in a responsible way. The teams face a steep learning curve, though, and the vast number of potential threats - ranging from organized crime and government spying to teenagers who attack systems 'for the lulz' can be overwhelming. Threat Modeling provides a set of techniques, mostly from a defensive perspective, that help you understand and classify potential threats. Turned into 'evil-user stories', threat models can give a team a manageable and effective approach to making their systems more secure.

May 2015
试验 ? 值得一试。了解为何要构建这一能力是很重要的。企业应当在风险可控的前提下在项目中尝试应用此项技术。

At this point the vast majority of development teams are aware of the importance of writing secure software and dealing with their users’ data in a responsible way. They do face a steep learning curve and a vast number of potential threats, ranging from organized crime and government spying to teenagers who attack systems 'for the lulz'. Threat Modelingis a set of techniques, mostly from a defensive perspective, that help understand and classify potential threats. When turned into 'evil user stories' this can give a team a manageable and effective approach to making their systems more secure.

发布于 : May 05, 2015

下载第27期技术雷达

English | Español | Português | 中文

获取最新技术洞见

 

立即订阅

查看存档并阅读往期内容