Dimitri Van Landuyt

Dimitri Van Landuyt

Researcher in Software Engineering and Information Systems Engineering. Main topics: Software architecture, self-adaptive systems, security, privacy, data protection, regulation, threat modeling, risk quantification, distributed storage, data protection

The role of assumptions in STRIDE threat modeling

Published in Software and Systems Modeling (SoSyM), 2024

Assumption-making is an integral part of security by design and plays a significant role in scoping the efforts. However, it is often not of focus. An in-depth descriptive study was been performed to gain a better understanding of the role and common use of assumptions in the use of STRIDE.

The first study is based on a data set created by collecting the assumptions made by students performing STRIDE, and augmented with a number of assumptions made by experts. Both data sets can be downloaded below.

For more information: check out “A descriptive study of assumptions in STRIDE security threat modeling” published in Software and Systems Modeling (SoSyM).