Doing threat modeling properly will help your teams create somewhat more secure products.

Categories Security, Uncategorized

I created something beautiful, and I want to give the knowledge to you.

How did it start?

While analyzing the SDLC in a company I worked for, I noticed a few dangerous gaps in our threat modeling process. I also talked with my network of professionals in other companies and learned that they have the same or similar gaps.

I decided to fix those gaps by creating a miniature product that I released under a Creative Commons license.

What were the gaps?

Traditional threat modeling approaches widely used today provide a false sense of security, leading to products and services that attacker personas can easily exploit.

I identified four gaps and will share two of them with you:

Gap 1: Limited Exposure

Most of the time, threat modeling is done by a single person, either because they have the most knowledge of the system or because they are competing with others for some company incentive.

Dialogue is the key to establishing the common understanding that leads to value, while documents record that understanding and enable measurement.

The framework's goal is to make sure everyone has a chance to participate in the exercise, to raise the entire team's security posture and strengthen the product lines in general.

The other benefit is that this could be adopted as an internal standard for all teams inside the company, making sure we do the threat analysis with proper attention and using the same techniques.

Gap 2: Not aligned with the way we deliver software

The current approach to threat modeling is close to a Waterfall model, and it is far from the dynamism of the modern (Agile) way of building software.

Threat modeling must align with an organization's development practices and follow design changes in scoped iterations over manageable portions of the system.

We do the modeling at the beginning, and no one updates the models iteratively. Protecto engages the team regularly to repeat the exercise and to focus on the most critical security issues first.

How do I fix this?

Protecto contains three main items:

  • A set of conceptual and visual tools to use with your team to make threat modeling a fun and helpful exercise.
  • A process to follow to make sure your team's skills are applied where they will be most beneficial.
  • A 90-minute workshop containing two modules; it starts with a beer-tap protection exercise to help you and your team understand the process and the tools.

Where can you learn more?

If you want to improve your threat modeling practices and start developing more secure products with Protecto, there are two options:

Want to stop the attackers? Could you not give them something to attack?

My funny out of office auto-responder.

Categories Uncategorized

Hello,
I will be out of the office from 2/20 thru 3/8 – returning to my desk on 3/9.
If you have questions about life, ask Deep Thought.
If you have an emergency, dial 0118-911-881-911-119-7253. (yes, really)

If you wish to speak to an operator say ‘zero’. (In Bulgarian)
If you know the whereabouts of known terrorists, contact Jeff Dunham immediately.

If you know who shot J.R., contact the Dallas Police Department.
If you have a problem, if no one else can help, and if you can find them, call ... Chuck Norris.
If he is busy counting to infinity for the third time, then call the A-Team.

Have fun,
Bogomil Shopov

P.S. I have hacked one of the messages here, but mine is funnier.

Developers Will Never Need To Leave Vim Again, especially under Fedora

Categories Uncategorized

As a proud Fedorian, a vi user under Fedora, and (from time to time) a developer, I must share this news that combines my two worlds.

The problem

The truth is that everybody needs to multitask today. The real cost of it is hidden, but you will definitely lose at least 40% of your productivity if you are constantly switching between apps. Let's try to do some other stuff in between. :)

40%: This is too much!

The solution

Developers keep switching between their editors, emails and bug trackers. What if you could get bug reports right where you will fix them? Imagine the immediate gain in productivity!


Help a freelance journalist in #Crimea. He urgently needs a laptop.

Categories Uncategorized

THIS is important: a friend of mine, Jan Husar (a freelance journalist and a good guy), is in #Crimea and needs a new laptop to continue working and spreading the word live about what is going on there. If you respect transparency and care about independent news, please help him.

If you can provide the laptop for him, please contact him directly via Facebook.

If not, a donation is an option too:
PayPal: rejden@gmail.com
BitCoin: 138rcMV11TUc3dpnRVvEdwqM9HudZr8xsV


See some of his recent work here.

Some more updates on Bulgarian #mozilla community.

Categories Mozilla, Uncategorized

Long time no see :)

We have a new design on our community website, based on the official Mozilla WordPress theme:

Mozilla Bulgaria website

Finally, we have a fully localized homepage for Mozilla Addons and Mozilla Addons for developers.

Previous week:

[Screenshot from 2013-05-16 15:05:03]

Now:

[Screenshot from 2013-05-16 15:06:08]

We are trying to organize our community better and to improve the localization, so you may expect some news on that pretty soon.

Have a nice day,

Mozilla Bulgaria