Hi Ken, I am currently researching the differences between Threat Analysis and Threat Modeling.
I thought your readers on the mailing list may give me a clearer distinction. How I understand it is that *both* identify security threats, determine risk, and create the right countermeasures by analyzing various types of documentation about the system and looking for vulnerabilities and/or areas of weakness. *Threat Analysis* – is more *informal* way of 'eyeballing' system architecture and application design. *Threat Modeling* [Microsoft SDL] – more *formal*, every requirement is modeled and scrutinized. Any additional help you or your readers can provide would be appreciated. Thanks Jason Grembi Web Developer
_______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________
