On Monday, February 27, security researcher Brenda Larcom came to Mozilla to present on security threat modeling. This was a discussion on the Trike methodology for threat modeling that she and others have been developing over the last nine years.
Threat modeling is heavily used by the Mozilla Security team to analyze potential threats and weaknesses in Firefox and in our other systems, such as addons.mozilla.org, browserID, etc. This allows us to address potential security issues or weaknesses as we develop new features and systems at Mozilla. Trike’s goal is to automate the repetitive parts of threat modeling to make it more efficient and effective. It also has the benefit of producing test cases that can be used as the basis of repeatable, automated testing.
– Al Billings
Security Program Manager