For an effective threat assessment, the following guidelines or templates are suggested for the project team:
| Threat modeling tools/templates | Rationale and purpose |
| --- | --- |
| Knowledge base of threats and mitigations | Threat and mitigation knowledge helps the team decide what is most relevant to the project from an existing list instead of starting from zero. For example, CAPEC and ATT&CK are also good references. |
| Tools or threat modeling templates | A template or tool enables the team to deliver consistent quality in threat modeling reports. |
In addition, threat modeling analysis is not limited to the development team. It involves the whole team, including RD, QA, and DevOps.