Threat modeling is a practice that provides the development team with a definition of security and identification of threats in designing software. Threat modeling is a process of analyzing the software system or application from the perspective of an attacker, and identifying the potential threats, vulnerabilities, and risks that may affect the security of the software system or application. Threat modeling can help to improve the security awareness and mindset of the development team, as well as to guide the security design and implementation decisions of the software system or application. Penetration testing, stakeholder review, or requirements review are not the best practices to provide the development team with a definition of security and identification of threats in designing software, as they are more related to the testing, evaluation, or specification aspects of software development. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 21: Software Development Security, page 1165; CISSP Official (ISC)2 Practice Tests, Third Edition, Domain 8: Software Development Security, Question 8.7, page 303.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit