LOGBOOK

HELP

1 / 28
Other keys: showSpace: good1-4: rate0: skip5: flag6: invert

Question

Who should be involved in a threat modeling analysis session and who takes ownership?

Answer

The technical project manager owns and schedules it; the architect, developer, and tester must attend.

The technical project manager takes ownership and schedules the session because they control the timeline and can compel the right people to show up.

Required participants:

  • Architect
  • Developer
  • Tester

Each threat should be discussed by the team. Some threats will have little impact and can be noted, while others need to be mitigated.

Why this matters: Different perspectives catch different threats - developers see implementation issues, testers think about edge cases, architects understand system-wide implications.

or press any other key