Overview
Explore an agile approach to threat modeling for securing open source projects in this conference talk, using EdgeX Foundry as a case study. Learn practical steps for evaluating security risks and conducting threat modeling, even with limited resources or experience. Discover how to apply the STRIDE model to open source projects, whether contributing or adopting them. Gain insights into security threat modeling and risk assessment during the development of EdgeX Foundry, a vendor-neutral, open source IoT edge computing platform. Understand the general steps of threat modeling and how to implement them in your next project, addressing challenges specific to open source security. Examine the Strata Model, Security Triangle, and Classification Model for effective threat mitigation. Acquire valuable knowledge on when to start modeling, who can perform it, and how to navigate the "dark side" of threat modeling in open source environments.
Syllabus
Introduction
Tingyu Introduction
Agenda
Section 1 Introduction
Section 2 Introduction
Section 2 Motivations
Section 3 Architecture
How EdgeX Works
Agenda for Section 2
Open Source Project Security Challenges
Strata Model
Section 3 Overview
When should we start modeling
Who can do that
Steps for Threat Modeling
Security Triangle
Classification Model
Threat Mitigation
Threat Modeling
Mitigation
Dark Side
Conclusion
Reference
Q&A Session
Deployment Scope
Working Group
Taught by
Linux Foundation