1 / 28
Other keys: show •
Space: good •
1-4: rate •
0: skip •
5: flag •
6: invert
Question
Who should be involved in a threat modeling analysis session and who takes ownership?
Answer
The technical project manager owns and schedules it; the architect, developer, and tester must attend.
The technical project manager takes ownership and schedules the session because they control the timeline and can compel the right people to show up.
Required participants:
- Architect
- Developer
- Tester
Each threat should be discussed by the team. Some threats will have little impact and can be noted, while others need to be mitigated.
Why this matters: Different perspectives catch different threats - developers see implementation issues, testers think about edge cases, architects understand system-wide implications.
or press any other key
Note saved — thanks!