2 Comments
User's avatar
K.S.'s avatar

Could we use realtime threat modeling to monitor for new and evolving threats?

Wouldn't this just blur the line between threat modeling and attack/abuse/system modeling?

Expand full comment
Tomek Ostwald's avatar

Real-time threat modeling is an interesting idea, but I’m not sure we’re there yet (assuming a continuous, complete, and automated process).

That said, threat modeling can be effectively integrated with metrics, monitoring, assurance, or penetration testing (and greatly improve from that!) 

Expand full comment