Incorporating Threat Modelling into Security by Design
Summary
Almost all software systems are exposed to several threats, and new ones are continually introduced as technology develops. The threats a piece of software faces can originate either inside or outside the organization and can have disastrous effects. Threat modelling is a method that enhances security by giving insight into the threats a system faces from both directions.

This thesis explores how threat modelling outputs can be integrated into the software development lifecycle (SDLC) to enhance software security, by constructing a threat modelling acceptance model. The research applies a dual approach, combining a narrative literature review with expert interviews to gather comprehensive insights. The narrative literature review synthesizes existing research on threat modelling methods, their integration into the SDLC, common challenges, best practices, and their impact on software security. Key findings indicate that many different threat modelling methods are available, and that early and continuous integration of threat modelling is crucial for effective risk mitigation. The review also highlights the importance of organizational commitment, interdisciplinary collaboration, and the need for efficient and user-friendly tools.

Complementing the literature review, expert interviews provide real-world perspectives on the practical implementation of threat modelling. The interviews reveal diverse approaches and emphasize the significance of early integration, cross-functional collaboration, and making threat modelling sessions engaging so that participation is genuine. The challenges identified include time constraints, lack of expertise, and resistance from development teams, underscoring the need for adequate training and organizational support. The interviews also address the balance between compliance-driven approaches and fostering a security-aware culture.
The combined findings from the literature review and the interviews informed the creation of the Wiersema model. The most important finding is that threat modelling has broader implications than eliciting threats alone: it can foster a security-conscious mindset within the company.