Challenges and Experiences with Applying Microsoft Threat Modeling in Agile Development Projects

Abstract

The goal of secure software engineering is to create software that keeps performing as intended even when exposed to attacks. Threat modeling is considered to be a key activity, but can be challenging to perform for developers, and even more so in agile software development. Hence, threat modeling has not seen widespread use in agile software projects. The goal of this paper is to investigate the challenges facing adoption of threat modeling using the Microsoft approach with STRIDE. We performed a case study in a company comprising five agile development projects. We identified 21 challenges to threat modeling that emerged from our observations. We then mapped these challenges to challenges found in the literature. Some challenges overlap the findings from the literature; the extra challenges we have found in our exploratory study came mostly from the activities of asset identification and also from our observations on what happened after the threat modeling meetings. This study shows that we still have to address many challenges in order to get a proper adoption of threat modeling in agile development projects.