Inner Circle Podcast Episode 028
We talk about the focus of the cybersecurity industry on vulnerability management and incident response, and why that reactive approach may not be the most effective way to address security issues. Brook talks about the importance of threat modeling and secure design to build better, more secure, more resilient software in the first place.
Understanding that–even with threat modeling and secure design–there is no such thing as invulnerable software, we also talk about the importance of the feedback loop and the ability to refine the threat model over time.
The concept of threat modeling and the idea that the software development lifecycle (SDLC) should be built around secure design are not new. Since developers started writing code, there have been cybersecurity experts pointing out that it would be better if security were considered and woven in from the start rather than tacked on after an application is developed.
Listen to this episode of the Inner Circle podcast and please share your thoughts and questions in the comments below.