Toreon, a security consulting company, announced a release of a Threat modeling playbook. This is open-source guidance on how to implement a threat modeling on a corporate level and embed it in the software development process. It starts from getting the stakeholders buy-in, further to the training of people, improvement of processes, and finally covering tools to be used. This work is a result of combining the threat modeling vision and strategy with OWASP best practices like OWASP SAMM and the AppSec champion playbook.

We encourage you to examine the playbook on GitHub and/or view the introductory webinar on YouTube.

In Berezha Security we understand the importance of Threat Modeling practices. You can take a look at one of the presentations Vlad Styran, our co-founder and VP, has delivered on this topic. The Threat Modeling topic is also a part of our Application Security Training for developers, which may be a good support in your adventure in the threat modeling implementation journey.