Threat Modeling: Protecting Our Nation’s Complex Software-Intensive Systems

Update: 2025-09-05

Description

In response to Executive Order (EO) 14028, Improving the Nation’s Cybersecurity, the National Institute of Standards and Technology (NIST) recommended 11 practices for software verification. Threat modeling is at the top of the list. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Natasha Shevchenko and Alex Vesey, both engineers with the SEI’s CERT Division, sit down with Timothy Chick, technical manager of CERT’s Applied Systems Group, to discuss how threat modeling can be used to protect software-intensive systems from attack. Specifically, they explore how threat models can guide system requirements, system design, and operational choices to identify and mitigate threats.

Comments

In Channel

Threat Modeling: Protecting Our Nation’s Complex Software-Intensive Systems

2025-09-0535:02

Understanding Container Reproducibility Challenges: Stopping the Next Solar Winds

2025-07-3025:10

Mitigating Cyber Risk with Secure by Design

2025-07-1432:29

The Magic in the Middle: Evolving Scaled Software Solutions for National Defense

2025-06-1821:25

Making Process Respectable Again: Advancing DevSecOps in the DoD Mission Space

2025-06-0444:26

Deploying on the Edge

2025-05-2801:01:02

The Best and Brightest: 6 Years of Supporting the President’s Cup Cybersecurity Competition

2025-05-1221:40

Updating Risk Assessment in the CERT Secure Coding Standard

2025-04-1735:52

Delivering Next Generation Cyber Capabilities to the DoD Warfighter

2025-04-1527:16

Getting the Most Out of Your Insider Risk Data with IIDES

2025-03-2639:14

Grace Lewis Outlines Vision for IEEE Computer Society Presidency

2025-03-1118:14

Improving Machine Learning Test and Evaluation with MLTE

2025-03-0329:06

DOD Software Modernization: SEI Impact and Innovation

2025-02-2527:12

Securing Docker Containers: Techniques, Challenges, and Tools

2024-12-1639:09

An Introduction to Software Cost Estimation

2024-12-0422:55

Cybersecurity Metrics: Protecting Data and Understanding Threats

2024-10-1127:00

3 Key Elements for Designing Secure Systems

2024-10-0236:28

Using Role-Playing Scenarios to Identify Bias in LLMs

2024-09-1645:07

Best Practices and Lessons Learned in Standing Up an AISIRT

2024-09-0938:29

3 API Security Risks (and How to Protect Against Them)

2024-08-2219:28

00:00

Threat Modeling: Protecting Our Nation’s Complex Software-Intensive Systems

Alex Vesey, Natasha Shevchenko, Tim Chick

#box-pro-ellipsis-175752917728134{-webkit-line-clamp:2;}Threat Modeling: Protecting Our Nation’s Complex Software-Intensive Systems

Threat Modeling: Protecting Our Nation’s Complex Software-Intensive Systems

Alex Vesey, Natasha Shevchenko, Tim Chick

Threat Modeling: Protecting Our Nation’s Complex Software-Intensive Systems