Threat modeling is a key technique that is used to analyze what could go wrong in a given software architecture. More often than not, the main output of a threat modeling exercise is a list of mitigations for how to ensure that “what could go wrong” actually “doesn’t go wrong”. While critical, this process can be so much more. By fostering collaboration between security and product teams, threat modeling can strengthen relationships, build trust, and ultimately enhance your software's security.

In this talk we outline how threat modeling can be used as a fitness function to iteratively improve the security posture of the software you are building. Instead of doing one shot threat models to enumerate and mitigate threats, we outline a new model where threat modeling takes input from a wide variety of other sources, ranging from threat intelligence to software development artifacts, and produces outputs in the form of mitigations, vulnerability research, and detections. We’ll then show how to tie these inputs and outputs into a feedback loop that improves the security posture of your organization over time while also building trust and better working relationships between teams.