-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Hi Ken,
>
> I am currently researching the differences between Threat Analysis and
> Threat Modeling.
>
> I thought your readers on the mailing list may give me a clearer
> distinction.
>
>
>
> How I understand it is that *both* identify security threats, determine
> risk, and create the right countermeasures by analyzing various types of
> documentation about the system and looking for vulnerabilities and/or areas
> of weakness.
>
>
>
> *Threat Analysis* - is a more *informal* way of 'eyeballing' system
> architecture and application design.
> *Threat Modeling* [Microsoft SDL] - more *formal*, every requirement is
> modeled and scrutinized.
>
> Any additional help you or your readers can provide would be appreciated.

I come from a mathematical modeling background, so my opinion may be
skewed a little, but:

        analysis leads to a model which can be used in analysis

- --
scott hollatz                                        net [EMAIL PROTECTED]
information technology systems and services          tel +1 218 726 8851
university of minnesota duluth mn usa                fax +1 218 726 7674
                                                                          --
                                               "Asn aD ta zlAp em uT zt33rg"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (SunOS)

iD8DBQFF040Z4og1WWfEVRsRAvd2AJ9P0pjcpsbgO0SWphxvL2PRTAaEYwCfeo6Z
AqFy9OLNnUbd5DOYRcwKaws=
=RyHS
-----END PGP SIGNATURE-----
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________
