Russ Mcree (now at Microsoft) has just released the official 1.0 version of the IT Infrastructure Threat Modeling Guide.
I contributed a teeny tiny little bit of reviewage to this when it was in beta, and I have to say, it looked real good. A nice first jab at the problem of looking at whole of your infrastructure risk-wise. At the time, I was already using a similar model at work, but I'm definitely going to be adding this model to the mix.
It's worth a read.
PS: Russ is a great guy and totally open to feedback. If you've got something intelligent and useful to say about the model, please do speak up.
1 comment:
"I contributed a teeny tiny little bit of reviewage to this when it was in beta"
Enough so to warrant your acknowledgment as a Reviewer, your name's in the released document. ;-)
Thanks for the feedback!
Post a Comment