Now we're really moving! It might only have been a 90 minute session last thing in the working day, but yesterday, we finally managed to convene our very first, "formal", Threat Modelling meeting.
- Good representation - included people from across the spectra of projects, departments, job descriptions and levels - including director!
- Refresher coverage of threat / vulnerability terminology and STRIDE classifications.
- Brief look at the latest SDL Threat Modelling software - well, at least it installed and ran OK - but we reverted to a big whiteboard (thanks Colin!), and directed most of our efforts to:
Yes, we finally got to take the wrapper off Adam Shostick's deck, and play a round of Elevation Of Privilege. Now when I say "a round" I really mean "one trick", as it took the best part of an hour to get just those seven cards played. That also meant that we really concentrated on just Tampering vulnerabilities for the whole session, since it's built into the rules of the game that you must start with that suit.
And that was one of the main lessons learned from this exercise. The card game exists only to facilitate and drive forward the brainstorming exercise. It dislodges little hints of system vulnerabilities, encouraging their discussion in a welcoming, improv-style, "Yes, and..." atmosphere. Anything that impedes this process needs to be removed, even when that involves abandoning or changing certain rules of the game.
Now I just have to get that Data Flow Diagram tidied up and entered into the Threat Modelling tool, in time for the imminent follow-up...