Designing secure code
Items to Note While Threat Modeling – cont.:
- Criticality – extent and severity of the damage (some data are invaluable), from 1 (least damage) to 10 (greatest damage)
- Attack techniques – How would an attacker manifest the threat?
- Mitigation techniques (optional) – What would mitigate such a threat? How difficult is it to mitigate?
- Mitigation status – Has the threat been mitigated? Valid entries are: Yes, No, Somewhat and Needs Investigating.
- Bug number
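
The fields above as a checked record, in an added example that is not part of the original slides: it enforces the 1 to 10 criticality scale and the four valid status entries, then queues open threats worst first. The title field, the rule that an unmitigated threat must carry a bug number, and the sample entries are assumptions made for illustration.

```python
from dataclasses import dataclass

# Valid "Mitigation status" entries, as listed on the slide.
VALID_STATUS = {"Yes", "No", "Somewhat", "Needs Investigating"}

@dataclass
class ThreatEntry:
    title: str                       # hypothetical label, not a slide field
    criticality: int                 # 1 (least damage) .. 10 (greatest damage)
    attack_techniques: str
    mitigation_status: str
    mitigation_techniques: str = ""  # optional on the slide
    bug_number: str = ""

def validate(e):
    """Return the list of problems with one entry; empty means well-formed."""
    problems = []
    c = e.criticality
    if isinstance(c, bool) or not isinstance(c, int) or not 1 <= c <= 10:
        problems.append("criticality must be an integer from 1 to 10")
    if e.mitigation_status not in VALID_STATUS:
        problems.append("mitigation status is not a valid entry")
    if not e.attack_techniques.strip():
        problems.append("attack techniques not described")
    # Assumption (not on the slide): anything not fully mitigated needs a bug.
    if e.mitigation_status != "Yes" and not e.bug_number.strip():
        problems.append("unmitigated threat has no bug number")
    return problems

def review(entries):
    """Split entries into a work queue (open, worst first) and rejects."""
    queue, rejected = [], {}
    for e in entries:
        problems = validate(e)
        if problems:
            rejected[e.title] = problems
        elif e.mitigation_status != "Yes":
            queue.append(e)
    queue.sort(key=lambda e: e.criticality, reverse=True)
    return queue, rejected

# Constructed sample entries; titles and bug ids are placeholders.
SAMPLE = [
    ThreatEntry("Session token in URL", 7, "Token read from proxy logs",
                "No", "Move token to an HttpOnly cookie", "BUG-0001"),
    ThreatEntry("Unencrypted backup archive", 9, "Archive copy read offline",
                "Somewhat", "Encrypt archives at rest", "BUG-0002"),
    ThreatEntry("Verbose error pages", 3, "Stack traces reveal internal paths",
                "Yes", "Serve a generic error page", "BUG-0003"),
    ThreatEntry("Admin login throttling", 11, "Repeated login attempts", "Maybe"),
]
```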