Microsoft's Larry Osterman On Threat Modeling

← Back to Stories (view on slashdot.org)

Microsoft's Larry Osterman On Threat Modeling

Posted by ScuttleMonkey on Monday October 1, 2007 @04:42AM from the they-threat-model-at-microsoft dept.

Schneier has pointed out an excellent series of blog posts about threat modeling by Microsoft's Larry Osterman. The series focuses on the PlaySound API as an example. "As you go about filling in the threat model threat list, it's important to consider the consequences of entering threats and mitigations. While it can be easy to find threats, it is important to realize that all threats have real-world consequences for the development team. At the end of the day, this process is about ensuring that our customer's machines aren't compromised. When we're deciding which threats need mitigation, we concentrate our efforts on those where the attacker can cause real damage."

4 of 113 comments (clear)

Min score:

Reason:

Sort:

That's got to be a hell of a job by Skyshadow · 2007-10-01 04:46 · Score: 5, Insightful

Try to imagine this guy's work day: He gets to wake up in the morning, hug his kids and then go into work and spend all day trying to figure out the right combination of security defaults that will (a) let people go out and do stuff while (b) protecting them from their own "I'm a average Windows user" level of abject stupidity.

Put another way, imagine that instead of just setting up a computer for your parents, you had to set one up for *everybody's* parents. All at once.

As much as it's fun to give MS shit for their products, I think I'd last about two hours in that position before I went into the executive washroom and slashed my wrists.

--
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
1. Re:That's got to be a hell of a job by pembo13 · 2007-10-01 05:00 · Score: 1, Insightful
  
  well, they built that type of user, they get to deal with it
  
  --
  "Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
Double-plus ungood by Anonymous Coward · 2007-10-01 04:49 · Score: 1, Insightful

I guess "threat mitigation" is more cost-effective than "writing code that doesn't suck".
I prefer Attack Trees. by khasim · 2007-10-01 05:22 · Score: 2, Insightful

http://en.wikipedia.org/wiki/Attack_tree
By Bruce Schneier.

Face it, no matter how secure your little bit of code is, if the SYSTEM is vulnerable, your little bit of code is vulnerable.

Which is where Larry goes wrong in TFA.

You can put all the locks you want on your front door. But if you don't fix the huge hole in the wall next to it, you aren't improving your security at all. No matter what you claim.