Skip to content
A Continuous Threat Modeling methodology
Branch: master
Clone or download
Latest commit eea2535 Jun 5, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
CONTRIBUTING.md First commit May 29, 2019
Continuous_Threat_Modeling_Handbook.md Typo May 31, 2019
LICENSE.md Add LICENSE.md Jun 4, 2019
README.md
Secure_Developer_Checklist.md First commit May 29, 2019

README.md

Continuous Threat Modeling

CTM is Autodesk's threat modeling methodology enabling development teams to perform threat modeling with minimal initial security knowledge and lesser dependency on security experts. It is an evolutionary, dynamic methodology that should mesh well with teams using Agile and evolving system architectures.

Contributing

All manner of contributions are welcome. The methodology is still relatively young, and emphasis has been placed on simplicity, return-on-investment and building a developer-friendly workflow. We are looking for contributions on the security principles, secure development checklist, and community support - as well as win or less-successful cases, improvement and modification suggestions.

Guidelines

  • Changes are welcome via pull request and we look forward to working with you on changes!
  • Use informative commit messages and pull request descriptions.
  • Keep style consistent.
  • Keep things simple. We are aiming for immediate results and a steady learning curve for developers, making every interaction with the methodology smoother and more rewarding (in terms of number and quality of findings) than the previous.
  • Focus on principles. We are not looking at the small feature of that obscure web framework, rather, we are looking at principles that help developers build an over-arching understanding of security.

Background

For background information on how Autodesk uses the Handbook and Checklist for Continuous Threat Modeling, see "Threat Modeling Every Story: Practical Continuous Threat Modeling For Your Team".

You can’t perform that action at this time.