Automating Architectural Risk Analysis with the Open Threat Model format

When (day):
14:00 - 15:00

Session Video

Session slides

About this session

Architectural risk analysis is a crucial security activity that’s typically carried out manually in workshops.
Although valuable, they are often time-consuming and with engineering teams under increasing pressure to deliver software faster, they require techniques to automate as much of the process as possible.

Fraser will explore these challenges and how infrastructure as code is uniquely able to meet them. He’ll introduce the Open Threat Model (OTM) format and how to create files automatically using open source tools.
We’ll look at how you can operationalize threat modeling with OTM into a DevSecOps workflow - useful if you have multiple teams using different technologies.