“Better OKRs Through Threat Modeling”

  • Increase assurance that we’re making the right security investments by having current threat model documents for 95% of our apps and operational environments (where “current” is some time metric related to velocity), or
  • Improve system resilience by revisiting ‘what can go wrong’ for a system that’s led to lots of operational problems.
  • Improve defenses by adding one test case for each of STRIDE per sprint to existing code for at least 75% of sprint stories.
  • Reduce security debt by 10% over Q1 by going back and creating appropriate system models for 5 of the Legacy Deployments.



Adam Shostack


Generally blogging at adam.shostack.org/blog, but shared posts here before Medium asked me to jump through more and more hoops.