Brenda Larcom presentation on Threat Modeling Using Trike

abillings

On Monday, February 27, security researcher Brenda Larcom came to Mozilla to present on security threat modeling. This was a discussion on the Trike methodology for threat modeling that she and others have been developing over the last nine years.

Threat modeling is heavily used by the Mozilla Security team in order to analyze potential threats and weaknesses in Firefox and also our other systems, such as addons.mozilla.org, browserID, etc. This allows us to address potential security issues or weaknesses as we develop new features and systems at Mozilla. Trike’s goal is automate the repetitive parts of threat modeling to make it more efficient and effective. It also has the benefit of producing testcases that can be used as the basis of repeatable, automated testing.

You can read more about Trike on their site, octotrike.org or you can watch Brenda’s presentation, as it was recorded and broadcast on Air Mozilla.

– Al Billings
Security Program Manager