A playbook for self-serve, continuous threat modelling.

danieldavidson/continuous-threat-modelling

Continuous Threat Modelling

Continuous threat modelling (CTM) is a threat modelling approach that enables engineering teams to perform threat modelling independently of the security team. The approach is evolutionary and dynamic, and should mesh well with teams that use Agile and have evolving system architectures.

Continuous_Threat_Modelling.md helps create the initial threat model, while Secure_Developer_Checklist.md helps keep the model up to date and relevant.

Contributing

All manner of contributions are welcome. The approach is in early development and the focus is on creating a simple, effective, easy-to-use workflow.

  • Changes are welcome via pull request.
  • Use informative commit messages and pull request descriptions.
  • Keep style consistent.
  • Keep things simple.
  • Focus on principles.

This work is a derivative of "Continuous Threat Modeling" by Autodesk, used under CC BY-SA 4.0. This work is licensed under CC BY-SA 4.0 by Daniel Davidson.
