A CTO's Perspective on
Software Threat Classification
Jason Taylor, Security Innovation's CTO and a Microsoft MVP for Developer Security, co-created the STRIDE and DREAD threat modeling and classification techniques while at Microsoft earlier in his career. Today, DREAD has proven to be useful far outside of its original intent -- an entire methodology of threat modeling and secure SDLC activities has sprung from that humble beginning.
However, a lot has changed in 17 years. Recently Jason was asked how he would change DREAD if he were to re-create it in today’s security landscape. This whitepaper provides insights on the genesis and next generation of DREAD, and discusses how to apply them to reduce application security risk.
In this whitepaper, Jason will discuss his perspective on:
- A brief history and evolution of DREAD
  - Learn why Jason created DREAD and how it's changed since its first adoption.
- DREAD Today
  - How relevant is DREAD 20 years later?
  - What contributed to its widespread adoption and continuous usage among organizations?
  - DREAD and defect management
- DREAD NextGen
  - Learn what changes Jason would make if he were to re-create DREAD differently knowing what he knows today.
  - What strengths should be preserved and what weaknesses could be improved.
  - DREAD in action: Examples of how v2.0 would be applied.