"Threat modeling is very formal, it's very technical, and also very hard to do correctly": Investigating Threat Modeling Practices in Open-Source Software Projects

Name: "Threat modeling is very formal, it's very technical, and also very hard to do correctly": Investigating Threat Modeling Practices in Open-Source Software Projects
Duration: 15 min
Description: Talk from 34th USENIX Security Symposium (USENIX Security '25).

Harjot Kaur

34th USENIX Security Symposium (USENIX Security '25) · Day 2 · Usable Privacy and Security 2: Software and Experts