Threat modeling is critical to secure development, and people find it intimidating and tough to get started. Adam will present Elevation of Privilege, a simple card game that makes it easy and fun to get started threat modeling.
Adam Shostack is a member of Microsoft's Security Development Lifecycle team, where he is responsible for security design analysis techniques, including the company's threat modeling tools and methodologies. Shostack joined Microsoft in 2006 with an extensive background in software security. Before joining the company, he was involved in a number of successful start-up ventures involving vulnerability scanning, privacy and program analysis. Additionally, Shostack helped create the Common Vulnerabilities and Exposure (CVE) list, and now serves as the Emeritus Advisor of the group. He is also a founding member of both the International Financial Cryptography Association (IFCA) and the Privacy Enhancing Technologies Symposium, and has been a technical advisor to companies such as Counterpane Internet Security and Debix. He has published articles in a variety of industry and academic venues, and is also co-author of the widely-acclaimed book, The New School of Information Security (Addison-Wesley, April 2008).