A work-in-progress tool will be demonstrated. It enables modeling application and system security requirements, then expands that list of requirements into a more actionable list for design, risk-benefit trade-off analysis, testing, and compliance purposes. Security functional requirements libraries and threat modeling mitigation libraries will be community maintained.
John M. Willis is a security architect who seeks to build security in by coming up with new and different ways of looking at things.
Brendan O’Connor (@ussjoin) went to law school to explain tech policy to the government. Instead, he explains security to auditors. Occasionally, he hurts himself while cutting wood.