A playbook for self-serve, continuous threat modelling.

Creative Commons Attribution Share Alike 4.0 International (CC-BY-SA-4.0)

Continuous Threat Modelling

Continuous threat modelling (CTM) is a threat modelling approach that enables engineering teams to perform threat modelling independently of the security team. The approach is evolutionary and dynamic, and should mesh well with teams that use Agile and have evolving system architectures.

Continuous_Threat_Modelling.md helps create the initial threat model, while Secure_Developer_Checklist.md helps keep the model up to date and relevant.

Contributing

All manner of contributions are welcome. The approach is in early development and the focus is on creating a simple, effective, easy-to-use workflow.

  • Changes are welcome via pull request.
  • Use informative commit messages and pull request descriptions.
  • Keep style consistent.
  • Keep things simple.
  • Focus on principles.

This work is a derivative of "Continuous Threat Modeling" by Autodesk, used under CC BY-SA 4.0. This work is licensed under CC BY-SA 4.0 by Daniel Davidson.
