Welcome to the SecAware blog

I spy with my beady eye ...

26 Aug 2006

Addressing risks in legacy IT systems

The diagram comes from an excellent new white paper by Israeli security specialist Danny Lieberman. It eloquently describes a systematic approach for assessing and addressing risks in legacy systems. It examines why there are so many bugs (including defects that cause security issues) in software, then explains how to derive threat models (using the Practical Threat Analysis tool) in order to design appropriate controls.
More risk management, secure development and Bugs! links
