{"id":624,"date":"2012-02-28T17:46:49","date_gmt":"2012-02-29T00:46:49","guid":{"rendered":"http:\/\/blog.mozilla.org\/security\/?p=624"},"modified":"2013-05-16T17:01:58","modified_gmt":"2013-05-17T00:01:58","slug":"brenda-larcom-presentation-on-threat-modeling-using-trike","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/security\/2012\/02\/28\/brenda-larcom-presentation-on-threat-modeling-using-trike\/","title":{"rendered":"Brenda Larcom presentation on Threat Modeling Using Trike"},"content":{"rendered":"<p>On Monday, February 27, security researcher Brenda Larcom came to Mozilla to present on security threat modeling. This was a discussion on the <a href=\"http:\/\/octotrike.org\">Trike<\/a> methodology for threat modeling that she and others have been developing over the last nine years. <\/p>\n<p>Threat modeling is heavily used by the Mozilla Security team in order to analyze potential threats and weaknesses in Firefox and also our other systems, such as <a href=\"http:\/\/addons.mozilla.org\">addons.mozilla.org<\/a>, browserID, etc. This allows us to address potential security issues or weaknesses as we develop new features and systems at Mozilla. Trike&#8217;s goal is automate the repetitive parts of threat modeling to make it more efficient and effective. It also has the benefit of producing testcases that can be used as the basis of repeatable, automated testing.<\/p>\n<p>You can read more about Trike on their site, <a href=\"http:\/\/octotrike.org\">octotrike.org<\/a> or you can <A href=\"http:\/\/vid.ly\/0d8k6x\">watch Brenda&#8217;s presentation<\/a>, as it was recorded and broadcast on <a href=\"http:\/\/air.mozilla.org\">Air Mozilla<\/a>.<\/p>\n<p><video controls width=\"100%\" controls preload=\"none\" poster=\"\/\/vid.ly\/0d8k6x\/poster.jpg\"><source src=\"http:\/\/cf.cdn.vid.ly\/0d8k6x\/mp4.mp4\" type=\"video\/mp4\"><source src=\"http:\/\/cf.cdn.vid.ly\/0d8k6x\/webm.webm\" type=\"video\/webm\"><source src=\"http:\/\/cf.cdn.vid.ly\/0d8k6x\/ogv.ogv\" type=\"video\/ogg\"><a target=\"_blank\" href=\"http:\/\/vid.ly\/0d8k6x\"> <img decoding=\"async\" src=\"\/\/vid.ly\/0d8k6x\/poster.jpg\" width=\"500\"><\/a><\/video><\/p>\n<p>&#8211; Al Billings<br \/>\nSecurity Program Manager<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On Monday, February 27, security researcher Brenda Larcom came to Mozilla to present on security threat modeling. This was a discussion on the Trike methodology for threat modeling that she &hellip; <a class=\"go\" href=\"https:\/\/blog.mozilla.org\/security\/2012\/02\/28\/brenda-larcom-presentation-on-threat-modeling-using-trike\/\">Read more<\/a><\/p>\n","protected":false},"author":54,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[69],"tags":[],"coauthors":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Brenda Larcom presentation on Threat Modeling Using Trike - Mozilla Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.mozilla.org\/security\/2012\/02\/28\/brenda-larcom-presentation-on-threat-modeling-using-trike\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Al Billings\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2012\/02\/28\/brenda-larcom-presentation-on-threat-modeling-using-trike\/\",\"url\":\"https:\/\/blog.mozilla.org\/security\/2012\/02\/28\/brenda-larcom-presentation-on-threat-modeling-using-trike\/\",\"name\":\"Brenda Larcom presentation on Threat Modeling Using Trike - Mozilla Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\"},\"datePublished\":\"2012-02-29T00:46:49+00:00\",\"dateModified\":\"2013-05-17T00:01:58+00:00\",\"author\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/d33dd2d17a8109165b6df7d1245e33fc\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2012\/02\/28\/brenda-larcom-presentation-on-threat-modeling-using-trike\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.mozilla.org\/security\/2012\/02\/28\/brenda-larcom-presentation-on-threat-modeling-using-trike\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2012\/02\/28\/brenda-larcom-presentation-on-threat-modeling-using-trike\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.mozilla.org\/security\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Brenda Larcom presentation on Threat Modeling Using Trike\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\",\"url\":\"https:\/\/blog.mozilla.org\/security\/\",\"name\":\"Mozilla Security Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/d33dd2d17a8109165b6df7d1245e33fc\",\"name\":\"Al Billings\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/9456a97c7c46aaacc293dfb3e668ecfd\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/59eb615338adae529ebe54960f87cd0c?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/59eb615338adae529ebe54960f87cd0c?s=96&d=identicon&r=g\",\"caption\":\"Al Billings\"},\"sameAs\":[\"https:\/\/openbuddha.com\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Brenda Larcom presentation on Threat Modeling Using Trike - Mozilla Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.mozilla.org\/security\/2012\/02\/28\/brenda-larcom-presentation-on-threat-modeling-using-trike\/","twitter_misc":{"Written by":"Al Billings","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.mozilla.org\/security\/2012\/02\/28\/brenda-larcom-presentation-on-threat-modeling-using-trike\/","url":"https:\/\/blog.mozilla.org\/security\/2012\/02\/28\/brenda-larcom-presentation-on-threat-modeling-using-trike\/","name":"Brenda Larcom presentation on Threat Modeling Using Trike - Mozilla Security Blog","isPartOf":{"@id":"https:\/\/blog.mozilla.org\/security\/#website"},"datePublished":"2012-02-29T00:46:49+00:00","dateModified":"2013-05-17T00:01:58+00:00","author":{"@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/d33dd2d17a8109165b6df7d1245e33fc"},"breadcrumb":{"@id":"https:\/\/blog.mozilla.org\/security\/2012\/02\/28\/brenda-larcom-presentation-on-threat-modeling-using-trike\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.mozilla.org\/security\/2012\/02\/28\/brenda-larcom-presentation-on-threat-modeling-using-trike\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/blog.mozilla.org\/security\/2012\/02\/28\/brenda-larcom-presentation-on-threat-modeling-using-trike\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.mozilla.org\/security\/"},{"@type":"ListItem","position":2,"name":"Brenda Larcom presentation on Threat Modeling Using Trike"}]},{"@type":"WebSite","@id":"https:\/\/blog.mozilla.org\/security\/#website","url":"https:\/\/blog.mozilla.org\/security\/","name":"Mozilla Security Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/d33dd2d17a8109165b6df7d1245e33fc","name":"Al Billings","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/9456a97c7c46aaacc293dfb3e668ecfd","url":"https:\/\/secure.gravatar.com\/avatar\/59eb615338adae529ebe54960f87cd0c?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/59eb615338adae529ebe54960f87cd0c?s=96&d=identicon&r=g","caption":"Al Billings"},"sameAs":["https:\/\/openbuddha.com"]}]}},"_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/624"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/users\/54"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/comments?post=624"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/624\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/media?parent=624"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/categories?post=624"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/tags?post=624"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/coauthors?post=624"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}