Sunday, March 25, 2007
Cohen on Howard: Chapter 4
Chapter 4 is on modelling threats to software by breaking it down into components and analyzing each part's vulnerabilities.
Chapter 4 introduces modelling techniques for decomposing your applications, including:
- Data Flow Diagrams (DFDs) - modelling how data flows through your application to understand how parts can be attacked
- STRIDE - a way to categorize threats by the kind of harm they cause: spoofing of identity, tampering with data, repudiation of actions, information disclosure, denial of service, or elevation of privilege
- DREAD - a way of rating priority of threats based on damage potential, reproducibility, exploitability, affected users, and discoverability.
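To make the three techniques concrete, here is an added example (not code from the book or from this review) that wires them together: a small data-flow model with trust zones, candidate threats enumerated per DFD element using the STRIDE-per-element mapping (that mapping is an assumption taken from common threat-modelling practice, not something the chapter as summarised here states), and DREAD ratings used to rank the candidates. The model elements, zones and ratings are constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Tuple


class Kind(Enum):
    EXTERNAL = "external entity"
    PROCESS = "process"
    STORE = "data store"
    FLOW = "data flow"


STRIDE = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information disclosure", "D": "Denial of service",
    "E": "Elevation of privilege",
}

# STRIDE-per-element heuristic (assumption for this example): a passive
# store cannot be spoofed or gain privilege, a flow cannot repudiate, an
# external entity is only ever spoofed or denies its own actions, and a
# process is exposed to every category.
APPLICABLE = {
    Kind.EXTERNAL: "SR",
    Kind.PROCESS: "STRIDE",
    Kind.STORE: "TRID",
    Kind.FLOW: "TID",
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: Kind
    zone: str            # trust zone, e.g. "internet", "dmz", "internal"
    src: str = ""        # flows only: source element name
    dst: str = ""        # flows only: destination element name


@dataclass
class Threat:
    element: str
    category: str        # one STRIDE letter
    crosses_boundary: bool
    dread: Tuple[int, int, int, int, int] = (0, 0, 0, 0, 0)

    def score(self) -> float:
        # Damage, Reproducibility, Exploitability, Affected users,
        # Discoverability, each 1..10; DREAD takes the mean.
        return sum(self.dread) / 5


def build_threats(elements: List[Element]) -> List[Threat]:
    """Decompose the DFD: one candidate threat per element per applicable
    STRIDE category, flagging flows whose endpoints sit in different zones."""
    zones = {e.name: e.zone for e in elements if e.kind is not Kind.FLOW}
    threats = []
    for e in elements:
        crosses = e.kind is Kind.FLOW and zones[e.src] != zones[e.dst]
        for letter in APPLICABLE[e.kind]:
            threats.append(Threat(e.name, letter, crosses))
    return threats


def rank(threats: List[Threat],
         ratings: Dict[Tuple[str, str], Tuple[int, int, int, int, int]],
         default=(5, 5, 5, 5, 5)) -> List[Threat]:
    """Attach DREAD ratings keyed by (element, category) and sort highest
    first; boundary-crossing threats win ties over internal ones."""
    for t in threats:
        t.dread = ratings.get((t.element, t.category), default)
    return sorted(threats, key=lambda t: (t.score(), t.crosses_boundary),
                  reverse=True)


# Constructed three-tier model: browser -> web app -> orders database.
MODEL = [
    Element("Browser", Kind.EXTERNAL, "internet"),
    Element("Web app", Kind.PROCESS, "dmz"),
    Element("Orders DB", Kind.STORE, "internal"),
    Element("HTTP request", Kind.FLOW, "", src="Browser", dst="Web app"),
    Element("SQL query", Kind.FLOW, "", src="Web app", dst="Orders DB"),
]

# Constructed ratings for the threats the team has looked at; everything
# else keeps the neutral default of 5.0.
RATINGS = {
    ("SQL query", "T"): (10, 10, 9, 10, 8),    # 9.4: injection alters orders
    ("HTTP request", "I"): (6, 10, 9, 10, 9),  # 8.8: credential sent in clear
    ("Orders DB", "I"): (9, 7, 5, 10, 6),      # 7.4: bulk dump of customers
}


def top_threats(n: int = 3):
    """Return the n highest-ranked (element, category, score, crosses) tuples."""
    ranked = rank(build_threats(MODEL), RATINGS)[:n]
    return [(t.element, STRIDE[t.category], t.score(), t.crosses_boundary)
            for t in ranked]


if __name__ == "__main__":
    for row in top_threats():
        print(row)
```

The enumeration step is deliberately mechanical: it produces every candidate the model allows, and the DREAD pass is where judgement enters, which is also where the two boundary-crossing flows surface as the first things to look at.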
Cohen:
It also tells us that STRIDE and DREAD are the models of threats and consequences they use at Microsoft - which helps me to understand why they miss the boat so often. You need to get the book for more details because I need to cut down on the content of my review before we all run out of patience with it and the book. The book is almost 800 pages, by the way, and it does have a solid 40 pages of worthwhile content, not a bad bloat ratio for some software products.
Cohen seems to suggest that STRIDE and DREAD are inferior modelling techniques. Inferior to what? He proposes no alternative.
Cohen:
Chapter 4 is also very important to understanding where Microsoft still misses the boat in security. They didn't spend the time needed to do basic modeling and, as a result, their views and processes are incomplete, inconsistent, and lacking in a systematic approach.
It is unclear to me how a chapter explaining how to do basic modelling consistently and completely in a systematic fashion supports this view.
Cohen:
This is consistent with their expressed view of applying theory where appropriate - that you should never do so. That's part of why they will continue to make big stupid mistakes from time to time.
I don't believe they've said this.