Difference between revisions of "Summit 2011 Working Sessions/Session099"

Revision as of 00:56, 24 January 2011

Threat Modeling
Please see/use the 'discussion' page for more details about this Working Session
Working Sessions Operational Rules - Please see here the general frame of rules.

WORKING SESSION IDENTIFICATION
Short Work Session Description	Discussion on various components of threat modeling, threat modeling methodologies and their challenges.
Related Projects (if any)
Email Contacts & Roles	Chair Anurag Agarwal @	Operational Manager	Mailing list {{{mailing_list}}}

WORKING SESSION SPECIFICS
Objectives	Reviewing existing methodologies and their pros and cons Assigning business impacts to threats Assigning technical impacts to threats Threat Rating System. Can we bring attack trees into main stream threat modeling methodology?
Venue/Date&Time/Model	Venue/Room OWASP Global Summit Portugal 2011	Date & Time	Discussion Model participants and attendees

WORKING SESSION OPERATIONAL RESOURCES
Projector, whiteboards, markers, Internet connectivity, power

WORKING SESSION ADDITIONAL DETAILS

WORKING SESSION OUTCOMES / DELIVERABLES
Proposed by Working Group	Approved by OWASP Board
Making threat modeling more mainstream	After the Board Meeting - fill in here.
Clarity on various threat modeling components and how they fit in the process.	After the Board Meeting - fill in here.
An OWASP standard defining what a threat model is.	After the Board Meeting - fill in here.
A white paper providing recommendations on how organizations can use threat modeling to achieve better security earlier in the process. Including a business-case rationale for threat modeling would be excellent.	After the Board Meeting - fill in here.
	After the Board Meeting - fill in here.
{{{summit_session_deliverable_name6}}}	After the Board Meeting - fill in here.
{{{summit_session_deliverable_name7}}}	After the Board Meeting - fill in here.
{{{summit_session_deliverable_name8}}}	After the Board Meeting - fill in here.

(Add you name by clicking "edit" on the tab on the upper left side of this page)

WORKING SESSION PARTICIPANTS
Name	Company	Notes & reason for participating, issues to be discussed/addressed
Matthew Chalmers @
Colin Watson @
Mateo Martinez @
Dinis Cruz @
Jim Manico @
Neil Matatall @
Christian Martorella @
Steven van der Baan @
Nishi Kumar @
Cecil Su @

@@ Line 161: / Line 161: @@
 |summit_session_deliverable_name1 = Making threat modeling more mainstream
-|summit_session_deliverable_url_1 =
+|summit_session_deliverable_url_1 = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session099/Deliverable_1
 |summit_session_deliverable_name2 = Clarity on various threat modeling components and how they fit in the process.
-|summit_session_deliverable_url_2 =
+|summit_session_deliverable_url_2 = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session099/Deliverable_2
 |summit_session_deliverable_name3 = An OWASP standard defining what a threat model is.
-|summit_session_deliverable_url_3 =
+|summit_session_deliverable_url_3 = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session099/Deliverable_3
 |summit_session_deliverable_name4 = A white paper providing recommendations on how organizations can use threat modeling to achieve better security earlier in the process. Including a business-case rationale for threat modeling would be excellent.
-|summit_session_deliverable_url_4 =
+|summit_session_deliverable_url_4 = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session099/Deliverable_4
 |summit_session_deliverable_name5 =