We Are Doing It Wrong: Threat Modeling

Explore common pitfalls and misconceptions in threat modeling during this 35-minute conference talk from DevConf.CZ 2024. Delve into bad practices and their potential exploits as presented by speaker Bogomil Shopov. Learn why relying on a single person for threat modeling can be detrimental and how diverse perspectives contribute to more robust security assessments. Examine real-world scenarios, including treating threat modeling as an annual team-building exercise and overconfidence in existing models. Gain insights from the speaker's experiences surviving two preventable breaches. Engage with this interactive presentation, filled with entertaining anecdotes and metal music, designed to challenge and improve secure software development practices across all roles in the development chain.