This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Summit 2011 Working Sessions/Session099"

From OWASP
Jump to: navigation, search
Line 160: Line 160:
 
|-
 
|-
  
|summit_session_deliverable_name1 = Making threat modeling more mainstream
+
|summit_session_deliverable_name1 = A document with a public recommendation on the use of threat modeling
 +
|summit_session_deliverable_name2 = An OWASP standard defining what a threat model is.
  
|summit_session_deliverable_name2 = Clarity on various threat modeling components and how they fit in the process.
+
|summit_session_deliverable_name3 = An OWASP standard defining a workflow for creating and maintaining a threat model.
 
 
|summit_session_deliverable_name3 = An OWASP standard defining what a threat model is.
 
  
 
|summit_session_deliverable_name4 = A white paper providing recommendations on how organizations can use threat modeling to achieve better security earlier in the process. Including a business-case rationale for threat modeling would be excellent.
 
|summit_session_deliverable_name4 = A white paper providing recommendations on how organizations can use threat modeling to achieve better security earlier in the process. Including a business-case rationale for threat modeling would be excellent.

Revision as of 03:09, 26 January 2011

Global Summit 2011 Home Page
Global Summit 2011 Tracks

WS. individual projects.jpg Threat Modeling
Please see/use the 'discussion' page for more details about this Working Session
Working Sessions Operational Rules - Please see here the general frame of rules.
WORKING SESSION IDENTIFICATION
Short Work Session Description Discussion on various components of threat modeling, threat modeling methodologies and their challenges.
Related Projects (if any)


Email Contacts & Roles Chair
Anurag Agarwal @

Operational Manager
Mailing list
{{{mailing_list}}}
WORKING SESSION SPECIFICS
Objectives
  1. Reviewing existing methodologies and their pros and cons
  2. Assigning business impacts to threats
  3. Assigning technical impacts to threats
  4. Threat Rating System.
  5. Can we bring attack trees into main stream threat modeling methodology?

Venue/Date&Time/Model Venue/Room
OWASP Global Summit Portugal 2011
Date & Time


Discussion Model
participants and attendees

WORKING SESSION OPERATIONAL RESOURCES
Projector, whiteboards, markers, Internet connectivity, power

WORKING SESSION ADDITIONAL DETAILS
WORKING SESSION OUTCOMES / DELIVERABLES
Proposed by Working Group Approved by OWASP Board

A document with a public recommendation on the use of threat modeling

After the Board Meeting - fill in here.

An OWASP standard defining what a threat model is.

After the Board Meeting - fill in here.

An OWASP standard defining a workflow for creating and maintaining a threat model.

After the Board Meeting - fill in here.

A white paper providing recommendations on how organizations can use threat modeling to achieve better security earlier in the process. Including a business-case rationale for threat modeling would be excellent.

After the Board Meeting - fill in here.

After the Board Meeting - fill in here.

After the Board Meeting - fill in here.

After the Board Meeting - fill in here.

After the Board Meeting - fill in here.

Working Session Participants

(Add you name by clicking "edit" on the tab on the upper left side of this page)

WORKING SESSION PARTICIPANTS
Name Company Notes & reason for participating, issues to be discussed/addressed
Matthew Chalmers @
ralogo_web.gif

Colin Watson @


Mateo Martinez @


Dinis Cruz @


Jim Manico @


Neil Matatall @


Christian Martorella @


Steven van der Baan @


Nishi Kumar @


Cecil Su @


Antonio Fontes @